PAGE  30 


What  does  it  take  to  provide  360°  communications 
in  a  24/7  business  world? 

Expectations  are  high  for  communication  systems  in  today’s  connected  world.  They  are  expected 
to  deliver  a  lower  cost  of  ownership  while  ensuring  that  people  are  available  and  have  the  tools 
necessary  to  collaborate.  NEC,  the  global  IT  and  networking  company,  delivers  mobility  and  unified 
communications  that  integrate  with  our  UNIVERGE®  IP  Telephony  platforms,  to  improve  business 
processes  and  customer  relationships  by  connecting  people  to  people  and  the  information  they 
need  anytime,  anywhere.  NEC.  Empowering  you  through  innovation. 

—  www.necus.com/necip 


IT  SERVICES  AND  SOFTWARE  ENTERPRISE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS  IMAGING  AND  DISPLAYS 


NEC  is  proud  to  have  the  No.  1  worldwide  ranking  in  enterprise  telephony  extension  line 
shipments  in  2006,  for  the  second  year  in  a  row,  according  to  Gartner* 

•Market  Share:  Enterprise  Telephony  Equipment  Worldwide,  2006;  Megan  Fernandez  &  Isabel 

Montero,  July,  2007  ©NEC  Corporation  2007.  NEC  and  the  NEC  logo  are  registered  trademarks  Empowered  by  Innovation 

of  NEC  Corporation.  Empowered  by  Innovation  is  a  trademark  of  NEC  Corporation. 
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I  don't 
care  22% 


Total  voters  for  this  poll:  102 

Vote  and  discuss:  www.nwdocfinder.com/3756 


Open  source  faces  down 
petabytes  of  data 

The  University  of  California  at  San 
Diego’s  supercomputing  group  has 
upgraded  its  data-management 
software  and  made  it  available  as  an 
open  source  offering  designed  to  han¬ 
dle  petabytes  of  data.The  Data- 
Intensive  Computing  Environments 
group  at  the  San  Diego  Supercomputer 
Center  has  issued  Integrated  Rule- 
Oriented  Data  System  1.0,  which  the 
outfit  says  improves  on  the  Storage 
Resource  Broker  it  has  developed  over 
the  past  10  years. 


The  downside  of  virtualization 

Some  54%  of  300  CIOs  and  other  top 
executives  polled  consider  managing 
their  virtual-server  environments  a 
critical  priority,  but  more  than  half 
aren’t  confident  they  are  doing  it 
effectively,  according  to  a  new  CA 
survey. 


U.K.  to  play  hardball  with  pirates? 
The  U.K.  government  may  cut  off  ’Net 
access  for  Web  users  who  illegally 
download  music,  movies  and  other 
digital  media. 
Documents  leaked 
to  The  Times 
newspaper  say  all 
ISPs  would  be  re¬ 
quired  to  institute 
a  "three  strikes” 
policy  against 
users  caught 
pirating  copyright¬ 
ed  material. 
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P  ILL 

A  snapshot  of  how  networkworld.com 
visitors  voted  on  a  key  networking  issue 
last  week: 

Will  a  Microsoft-Yahoo  merger  have 
any  real  impact  on  Google? 


NETWORK  INFRASTRUCTURE 

4  Could  IP  address  plan  mean  another 
delay  for  IPv6? 

16  SPECIAL  FOCUS:  Cellular- Wi-Fi 
convergence  paying  off. 

52  Opinion  ’Net  Buzz:  Confessions  of  a 
caller-ID  spoofer. 

ENTERPRISE  COMPUTING 

18  Opinion  Scott  Bradner:  Slow- 
motion  wake-up  call  for  Web  accessibility. 

APPLICATION  SERVICES 

4  Five  virtualization-management  com¬ 
panies  to  watch. 

12  Microsoft  ships  six  critical  patches. 

52  Opinion  BackSpin:  Comcast,  serv¬ 
ing  users  or  itself? 

SERVICE  PROVIDERS 

18  Opinion  Johna  Till  Johnson: 

No  subpoena?  No  deal,  no  records. 

TECH  UPDATE 

19  Reducing  MP3  copyright  risks. 


Yes,  the  Microsoft- 
Yahoo  combo  will 
kick  butt  2nn/ 


No,  Google 
is  a  monster 

58% 


28  Mark  Gibbs:  Wrapping  up  the 
e-commerce  saga. 

28  Keith  Shaw:  Everyone's  got  iPhone 
and  Android  envy. 
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COOL 

■  Sony 
Ericsson’s 
Xperia  XI  is 
the  latest 
touch¬ 
screen 
iPhone-like 
device. 

See  Cool  Tools,  page  28. 


GOODBADUGLY 


IP  address  plan  could 


hurt  IPv6 


How  IP  addresses  are  assigned 


5  virtualization  management 
companies  to  watch 


BY  CAROLYN  DUFFY  MARSAN 

Internet  policymakers  are  considering 
sweeping  changes  to  the  way  they  distribute  IP 
addresses  that  could  let  network  operators 
make  money  by  transferring  unused  blocks  of 
IPv4  address  space  to  others  in  need.  One 
result  could  be  to  lessen  the  incentive  to  move 
to  IPv6  anytime  soon. 

The  American  Registry  for  Internet  Numbers 
(ARIN)  posted  proposed  changes  to  its  IPv4 
address-space  transfer  policy  on  its  Web  site 
last  week.  ARIN  is  a  nonprofit  group  in 
Chantilly  Va.,  that  doles  out  IPv4  and  IPv6 
address  space  to  ISPs  operating  in  the  United 
States,  Canada  and  the  Caribbean. 

Under  the  proposal,  ARIN  would  let  ISPs 
transfer  IPv4  address  registrations,  and  ARIN 
would  provide  a  list  of  IPv4  address  blocks  that 
are  available  for  transfer. 

Until  now,  IPv4  addresses  have  not  been  trad¬ 
able  goods.  When  an  organization  finished 
using  IPv4  address  space,  it  was  supposed  to 
return  it  to  one  of  five  regional  registries,  such 
as  ARIN  in  North  America  (see  graphic).  The 
only  time  ISPs  can  transfer  IPv4  address  space 
is  when  they  are  acquired. 

ARIN’s  proposed  changes  are  designed  to 
help  network  operators  cope  when  the 
Internet  runs  out  of  IPv4  address  space,  which 
is  expected  to  occur  in  2012. 

“Industry  demand  for  IPv4  addresses  will  not 
stop,  but  the  current  supply  channel,  namely 
the  unallocated  IPv4  address  pool,  will  have 
run  out,”  says  Geoff  Huston,  an  expert  on  IPv4 
address  depletion  and  chief  scientist  at  the 
Asia  Pacific  Network  Information  Centre 
(APNIC),  the  Australian  counterpart  to  ARIN. 
“So,  as  with  any  other  commodity  out  there, 
trading  and  pricing  gets  included  into  the  dis¬ 
tribution  function.” 

IPv4  is  the  Internet’s  main  communications 
protocol.  It  uses  32-bit  addresses  and  can  sup¬ 
port  around  4  billion  IP  addresses.  IPv6  is  a 
long-anticipated  upgrade  to  IPv4.  IPv6  uses  a 
128-bit  addressing  scheme  and  can  support  bil¬ 
lions  (2128)  of  IP  addresses. 

The  IETF  designed  IPv6  in  the  mid-1990s  to 
expand  the  available  IP  address  space. 
However,  few  ISPs  or  enterprises  have  up¬ 
graded  to  IPv6. 

The  issue  of  IPv4-address  depletion  has 
received  a  great  deal  of  attention  in  the  last  few 
months.  Experts  say  more  than  80%  of  IPv4 
addresses  have  been  distributed. 

Huston  says  it  is  too  late  for  the  Internet  to 
avoid  creating  a  way  for  ISPs  to  transfer  their 

See  Addresses,  page  17 


BY  DENISE  DUBIE 

Virtualization  is  taking  enterprises  by  storm, 
and  ill-prepared  IT  managers  might  find  them¬ 
selves  struggling  with  a  proliferation  of  virtual 
machines,  increased  configuration  complexity 
and  other  management  issues  that  come  with 
widely  deploying  virtual  servers. 

Yet  IT  cannot  be  blamed,  industry  watchers 
say  because  most  traditional  management 
tools  updated  to  take  on  virtual  servers  don’t 
do  the  job  adequately 

“The  larger,  established  management  ven¬ 
dors  arrived  late  to  managing  virtual  servers 
because  ultimately  they  approached  it  as 
though  it  was  just  another  operating  system,” 
says  Andi  Mann, research  director  at  Enterprise 
Management  Associates.“Add-ons  to  traditional 
tools  are  not  enough,  and  there  are  big  gaps  in 


the  market  across  different  disciplines,  such  as 
patch  management,  configuration  manage¬ 
ment,  discovery  and  inventory’ 

Those  technology  gaps  have  financial  ana¬ 
lysts  bullish  on  start-ups  offering  products  that 
install  easily,  track  VMs  from  inception  to 
destruction  and  essentially  approach  manag¬ 
ing  a  heterogeneous  virtual  environment  in  a 
whole  new  way.  “It  is  an  early  and  dynamic 
market.  We  will  see  lots  of  competitive  entry  in 
this  space,”  says  Lars  Leckie,  an  associate  at 
Hummer  Winblad  Venture  Partners,  which 
recently  led  a  $4.6  million  first  round  of  fund¬ 
ing  forVKernel. 

We  shine  a  spotlight  on  five  start-ups  that 
have  taken  on  the  challenge  of  managing  vir¬ 
tual  worlds.  (All  claim  to  have  customers,  but 

See  Virtualization,  page  14 
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SUBTRACTION. 

Take  away  the  jungle  of  cables.  Take  away  the  so- 
called  "normal"  energy  requirements  and  maintenance. 
What  do  you  have?  Introducing  the  HP  BladeSystem 
c3000.  All  the  technology  of  our  larger  BladeSystem 
in  an  efficient,  compact,  affordable  package. 


Technology  for  better  business  outcomes. 


Powered  by  the  Quad-Core  Intel  5  Xeon*  Processor1 


See  how  less  is  more.  Visit  hp.com/go/nocompromise13 

1-888-225-7558 


1 .  Intel,  the  Intel  logo,  Xeon,  and  Xeon  Inside  are  trademarks  or  registered  trademarks  o<  Intel  Corporation  in  the  U.S.  and  other  countries. 
The  information  contained  herein  is  subject  to  change  without  notice.  ©  2008  Hewlett-Packard  Development  Company,  L.P. 


PEERSAY 


Can  we  trust  the  government? 

Re:  “Lockheed  wins  10-year  FBI  biometric 
contract”  (www.nwdocfinder.com/3742): 
My  problem  with  this  is  not  that  the  FBI  is 
collecting  more  biometrics  data.  They 
already  have  more  information  about  peo¬ 
ple  of  interest,  former  military,  former  gov¬ 
ernment  employees,  etc.,  than  you  can 
probably  imagine.  No,  the  problem  I  have 
with  this  is  that  a  government  agency  is 
going  to  collect  addi¬ 


tional  information  a- 
bout  individual  iden¬ 
tities  when  no  gov¬ 
ernment  agency  has 
proved  to  my  satis¬ 
faction  that  it  is  capa¬ 
ble  of  adequately 
protecting  sensitive 
data.  Sometimes  I 
feel  like  giving  my 
personal  information 
to  the  government  is 
like  posting  it  on  the 
Internet.  Let’s  see  — 
how  many  times  has 
theVA  lost  my  information? 


**The  problem  I  have  is  that 
a  government  agency  is 
going  to  collect  additional 
information  about  individual 
identities  when  no  govern¬ 
ment  agency  has  proved  to 
my  satisfaction  that  it  is 
capable  of  adequately  pro¬ 
tecting  sensitive  data.55 


’ve  lost  count. 

Torn  Olzak 

Discuss  at  www.nwdocfinder.com/3743 

Can  we  trust  social  networks? 

Re:  “Aggregating  social  network  data” 
(www.nwdocfinder.com/3744):  What  hap¬ 
pens  if  you  have  people  in  your  social  net¬ 
work  who  didn’t  want  to  be  or  have  no 
knowledge  of  it?  There  is  increasingly  a  loss 
of  control.  As  the  use  of  these  sites  is 
becoming  more  popular,  I  always  wonder 
about  the  people  who  have  their  privacy 
violated  without  their  knowledge  on  these 
sites.  For  example,  you  can  tag  people  in 
photos  on  Facebook  even  if  they  are  not  a 
Facebook  member.  Right  away  those  peo¬ 
ple  have  two  pieces  of  hugely  important 
bits  of  identity  lost  (their  picture  and 
name)  from  them  without  ever  having  been 
asked.  In  this  scenario,  people  are  losing 
choice  and  control  of  their  own  identity 
and  associated  data  because  Internet-y 
people  want  to  aggregate  and  potentially 

►  SPECIAL  NETWORK  WORLD  FEATURE 


SCAN  THIS  CODE 
with  your  cell 
phone  to  get  the 
latest  IT  network 
news  delivered  to 
your  cellular 
device. 


■  ■ 


■  ■ 


■  ■ 


■  ■■ 


i  ■■ 
■  ■■ 
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■  ■■ 


■  ■ 


■  ■■■  ■ 


To  get  the  client 
software,  use  your  phone  browser  to 
visit  wap.connexto.com 

For  more  information  on  code  scanning 
see  www.nww.com/codescan 


publish  their  social  network. 

Andy  Hunt 

Discuss  at  www.networkworld.com/3745 

The  successor  to  Fibre 
Channel  over  Ethernet 

Re:  “FCoE  and  the  Nexus  7000  —  it’s  only 
temporary,  iSCSI  will  win”  (www.nwdocfind 

er.com/3746):  Clearly 
the  writing  is  on  the 
wall  for  native  Fibre 
Channel’s  long-term 
survival.  Which  tech¬ 
nology  dethrones  the 
king  will  depend  on 
many  factors. 

ISCSI  makes  sense 
for  SMB  and  where 
performance  and  con¬ 
nectivity  to  existing 
Fibre  Channel  storage 
are  not  high  priorities. 

FCoE  at  lOGbps  will 
provide  high  perform¬ 
ance,  connectivity  to  existing  FC  devices  via 
simple  gateways  and  leverage  of  SAN  man¬ 
agement  tools. 

As  customers  look  towards  alternatives  to 
Fibre  Channel,  they  can  also  consider 
InfiniBand-connected  storage  using  SRP  or 
NFS  over  RDMA.  This  especially  makes  sense 
for  customers  building  InfiniBand-connected 
clusters  and  when  low  latency  and  high  band¬ 
width  are  very  important. 

Graham  Smith 

Discuss  at  www.nwdocfinder.com/3746 

Needs  some  Sage  advice 

Re:“Complex  software?  Plan  to  fail!”  by  Mark 
Gibbs  (www.nwdocfinder.com/3747):  I  work 
in  IT  for  a  small  regional  bank  and  was  put  in 
charge  of  inventory  of  all  tech  assets.The  bank 
purchased  Sage  FAS  100  asset  accounting  and 
inventory  to  do  this. 

So  I  learned  the  software,  contacting  “sup¬ 
port”  when  I  ran  into  problems.  Like  you  said 
in  your  column,  the  devil  is  in  the  details.  The 
software  doesn’t  do  normal  things  that  even 
Microsoft  Excel  can  do!  I  spent  weeks  on  the 
phone  back  and  forth  with  “support”  trying  to 
figure  out  something  as  simple  as 
hiding/showing  fields  for  various  assets. 
Finally  a  tech  agent  was  lucky  enough  to  run 
into  someone  from  development  who  told 
him, “FAS  doesn’t  support  that  option.” 

I  can  only  imagine  the  hell  that  is  an  ERP 
package  from  this  company. 

If  you  have  any  suggestions  for  asset  inven¬ 
tory  solutions,  I’m  all  ears!  (Although  we  are 
basically  stuck  with  Sage  . . .) 

Greg  Evans 

Discuss  at  www.nwdocfinder.com/3748 

E-mail  letters  to  jdix@nww.com  or  send  them  to 
John  Dix,  editor  in  chief,  Network  World,  118 
Turnpike  Road,  Southborough,  MA  01 772.  Please 
include  phone  number  and  address  for  verification 
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»  Feeling  the  heat  from  outraged  end  users?  Poor  application  performance  is  a  liability  you 
can’t  afford,  so  contact  Juniper. 

Juniper  Networks  is  the  leader  in  high-performance  networking.  We  deliver  LAN-like 
availability  to  everyone,  everywhere  —  no  matter  how  remote  —  through  one  of  the  most 
complete  application  performance  solutions.  So  accelerate  applications,  optimize 
bandwidth,  enhance  security,  streamline  delivery,  and  get  amazing  network  visibility  —  all 
while  reducing  costs.  And  all  with  standards-based  platforms  that  leverage  your  current 
infrastructure  investment  while  accelerating  newly  deployed  applications.  The  best 
solutions,  the  best  economics,  happy  employees.  Only  Juniper  makes  any  network  a 
high-performance  network:  www.juniper.net/applicationperformance 


Juniper  _ 
C/Net. 


1.888. JUNIPER 
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COOL  TOOLS: 


IDG  NEWSWIRE: 


IDG  NEWSWIRE: 


A  Bluetooth  walkie- 
talkie? 

Callpod’s  Dragon  Blue¬ 
tooth  headset  works 
with  your  mobile  phone, 
but  can  also  pair  up 
with  a  second  Dragon 
unit  to  create  a  full- 
duplex  voice  channel  for 
two  people  to  talk  to 
each  other. 

www.nwdocfinder.com/3757 


Tank-to-tank 

networking 

Japan’s  C4I  (Command, 
Control,  Commun¬ 
ications,  Computing 
and  Intelligence)  sys¬ 
tem  on  a  tank  can 
share  information  with 
nearby  tanks. 

www.nwdocfinder.com/3758 


Android  concepts 
come  to  life 

Google’s  Android  soft¬ 
ware  platform  for 
mobile  phones  gets  the 
prototype  treatment  at 
Barcelona's  Mobile 
World  Congress  2008. 

www.nwdocfinder.com/3759 
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White  Castle  satisfies  craving 
for  user  authentication 


BLOGOSPHERE 


■  Identity  theft,  online  fraud  lead  FTC 
top  20  consumer  complaints  in  2007.  The 

Layer  8  blog  reports:  “The  Federal  Trade 
Commission  today  released  the  list  of  top 
consumer  fraud  complaints  for  2007  and 
showed  that  for  the  seventh  year  in  a  row, 
identity  theft  is  the  number  one  problem.  Of 
813,899  total  complaints  received  in  2007, 
258,427,  or  32%,  were  related  to  identity  theft. 
Consumers  reported  fraud  losses  totaling 
more  than  $1.2  billion;  the  median  monetary 
loss  per  person  was  $349,  the  report  states. 
The  report  also  breaks  out  complaint  data  on 
a  state-by-state  basis,  and  the  metropolitan 
areas  with  the  highest  per-capita  rates  of 
reported  consumer  fraud  complaints  are  Al- 
bany-Lebanon,  Ore.;  Greeley,  Colo.;  and 
Napa,  Calif.”  www.nwdocfinder.com/3752 

■  Nortel  taunts  Cisco:  Nexus  ain’t  a 
Lexus.  Cisco  Subnet  blogger  Brad  Reese 
writes:  “In  his  most  recent  blog  entry, 
[Nortel’s]Tony  Rybczynski  suggests  reading 
the  fine  print  of  the  Cisco  Nexus  7000.  ‘So  if 
the  Nexus  is  no  Lexus,  with  questionable 
quality,  performance  and  reliability,  then 
what  exactly  is  it?  It’s  touted  as  a  unifying 
data  center  platform  but  doesn't  even  sup¬ 
port  Fibre  Channel.  Or  does  it  mark  the 
beginning  of  the  end  for  the  Catalyst  6500?” 
Reese  asks,  “Do  you  concur?" 
www.nwdocfinder.com/3753 

■  Meet  the  latest  entrant  in  the  “iPhone 
killer.”  Cool  Tools  Keith  Shaw  writes:  "At 
the  Mobile  World  Congress  2008  show  in 
Barcelona,  Sony  Ericsson  and  Microsoft 
announced  the  Xperia  XI  device,  a  new 
Windows  Mobile  phone  that  includes  mobile 
Web  communication  features,  multimedia 
entertainment  and  other  premium  features. 
The  arc-slider  phone  will  be  available  ‘in 
selected  markets'  starting  in  the  second  half 
of  2008,  Sony  Ericsson  said.  The  Xperia  XI 
has  a  3-inch  wide  touch-screen  VGA  display, 
and  a  full  qwerty  keyboard  that  slides  out  (in 
an  arc!)  from  underneath  the  display. 
Running  the  Windows  Mobile  OS,  the  phone 
is  designed  for  users  who  want  one  phone  for 
business  and  personal  usage.  Microsoft  says 
its  vision  is  to  make  the  concept  of  'One 
Phone  for  Your  Life’  a  reality.”  www.nw 
docfinder.com/3754 

■  Yahoo  itching  in  its  own  skin. 

Microsoft  Subnet  blogger  Mitchell  Ashley 
writes:  “Do  you  get  the  sense  that  the 
options  for  Yahoo  are  slowly  diminishing? 
After  rebuking  Microsoft's  unsolicited  offer, 
it’s  not  clear  which  of  the  industry  gunfight- 
ers  will  move  next,  Yahoo  or  Microsoft.” 
www.nwdocfinder.com/3755 


Technology  executive:  For  more  than  80 
years,  White  Castle  restaurants  have  created 
cravings  for  their  signature  hamburgers 
called  Slyders.You  might  think  that  a  com¬ 
pany  founded  in  1921  would  be  slow  on  the 
uptake  of  cutting-edge  information  technol¬ 
ogy.  Not  so  for  White  Castle.This  company 
has  found  a  recipe  for  saving  millions  of 
dollars  a  year  on  processing  paperwork  for 
its  12,000  employees,  and  one  of  the  ingre¬ 
dients  is  biometrics. 
www.nwdocfinder.com/3749 

Wireless:  Mobility  has  become  a  mass  phe¬ 
nomenon  that  should  be  causing  enterprises 
to  take  a  close  look  at  their  wireless  spend. 
Monthly  fees  are  often  buried  in  departmen¬ 
tal  expense  reports  or  otherwise  insidiously 
draining  coffers  as  monthly  plans  and  negoti¬ 
ated  corporate  discounts  go  unoptimized.  A 
number  of  experts  offered  advice  at  the 
recent  Mobile  Explosion  ’08  conference  on 
how  to  better  manage  cellular  activity  within 
enterprises  to  tame  costs.  1  mentioned  some 
of  them  in  the  last  newsletter.  I  wanted  to 
point  out  a  potential“gotcha”when  it  comes 
to  taking  experts  up  on  one  tip,  which 
involves  including  cellular  devices  for 


employees’  personal  use  in  your  RFP 

www.nwdocfinder.com/3750 

Identity  management:  The  recent  Societe 
Generate  trading  scandal  is  being  portrayed 
by  many  as  another  example  of  the  poor 
security  that  passwords  provide  (see,  for 
example, “Forgotten  IT  chores  may  have  led 
to  bank  meltdown”).  But  digging  further  into 
the  tale  of  “rogue”  trader  Jerome  Kerviel 
reveals  another  distinctly  plausible  cause  of 
the  problem.  It’s  been  reported  that  oversight 
and  risk  management  were  in  short  supply  at 
the  French  banking  concern,  but  —  as  a 
number  of  correspondents  have  pointed  out 
to  me  —  governance,  the  “G”  in  GRC  (Gov¬ 
ernance,  Risk  Management,  Compliance)  was 
most  likely  the  major  cause  of  Kerviel’s  ability 
to  bypass  what  little  security  was  in  place.  In 
fact,  he  really  didn’t  “bypass”  any  security  as 
far  as  we  know.  He  did  use  multiple  pass¬ 
words  and  accounts  (which,  evidently,  were 
traded  amongst  the  traders  willy-nilly)  but  the 
real  “secret”  to  the  scandal  was  the  amount  of 
entitlements  that  Kerviel  built  up  as  he 
moved  from  one  position  to  another,  and 
from  one  department  to  another. 
www.nwdocfinder.com/3751 
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Your  organization  is  global  and  so  is  your  IT  infrastructure.  Some  days  that  means 
you  need  to  operate  and  solve  problems  in  12  time  zones.  With  Avocent,  you  can 
solve  most  any  crisis  that  the  network  gremlins  can  throw  at  you  without  leaving 
your  desk  or  using  your  passport. 


Avocent  infrastructure  solutions  put  complete  manageability  at  your  fingertips.  We’ve  combined  our  innovative 
and  powerful  hardware  and  easy-to-use  software  to  enable  remote  access  and  control  of  literally  any  system  on 
the  planet.  At  anytime.  From  anywhere. 
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SCO  in  line  for  $1 OOM  bailout 

Embattled  SCO  Group  reached  an  agreement  with  a  private 
equity  firm  that  plans  to  provide  the  vendor  as  much  as 
$100  million  and  take  SCO  private.  SCO,  nearly  ruined  by 
its  own  litigation  rampage  that  ended  with  a  federal  judge  rul¬ 
ing  that  Novell  owned  the  Unix  copyright,  has  been  in  Chapter 
11  bankruptcy  since  September.  Last  Thursday,  however, 

Stephen  Norris  Capital  Partners  and  partners  from  the  Middle  East  stepped  up 
with  $100  million  and  a  reorganization  plan  for  SCO  that  includes  new  product 
lines.  The  private  equity  firm,  which  is  based  in  New  York,  said  it  would  see  SCO's 
legal  claims  "through  to  their  full  conclusion."  Once  the  proposed  agreement  is 
finalized,  SCO  CEO  Dari  McBride  would  reportedly  be  required  to  resign. 
www.nwdocfinder.com/3762 


Forrester  slashes  IT  spending  forecast. 

As  CIOs  prep  for  what  could  become  a  U.S. 
economic  recession,  Forrester  Research 
has  revised  its  earlier  forecast  for  a  4.6% 
increase  in  U.S.  purchases  of  IT  goods  and 
services  down  to  a  more  modest  2.8%. The 
research  firm  says  it  based  the  updated 
numbers  on  newly  available  economic 
data  that  points  toward  a  slight  recession 
in  the  United  States  that  will  impact  IT 
spending  for  more  than  half  of  this  year. 
Forrester  also  forecasts  that  Canada  and 
Latin  America  will  see  spending  slow. 
"While  it  is  by  no  means  certain  that  the 
U.S.  economy  will  in  fact  experience  a 
recession,  the  risks  of  one  are  high  enough 
to  justify  a  more  conservative  outlook  for 
the  IT  market,"  said  Forrester  Vice 
President  Andrew  Bartels. 
www.nwdocfinder.com/3763 

Hillary  Clinton  spam  sighted  in  the 
wild.  The  Hillary  Clinton  election  campaign 
is  being  exploited  in  a  spam  message  that 
tries  to  trick  users  into  downloading  a  Trojan 


Network  World's  2008  IT 
Roadmap  Conference  &  Expo 
tour  stops  in  Denver  on  March  4 
before  heading  to  Chicago. 

REGISTER  AT: 
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to  their  desktops  by  pretending  to  offer  a  link 
to  a  video  of  a  campaign  speech.  "It's  the  first 
time  we've  seen  spam  like  this  targeting  Hil¬ 
lary  Clinton,"  says  Doug  Bowers,  Symantec's 
senior  director  of  anti-abuse  engineering.The 
U.S.  presidential  campaign  is  in  full  swing,  but 
the  only  other  candidate's  name  being 
abused  for  malware  purposes  in  this  way  is 
Ron  Paul,  according  to  Symantec. 
www.nwdocfinder.com/3764 

Microsoft  executive  shakeup  prepares 
for  Yahoo  acquisition.  Microsoft  con¬ 
firmed  a  number  of  high-level  executive 
changes,  moves  that  could  be  designed  to 
better  position  the  company  to  digest  an 
acquisition  of  Yahoo.  In  addition  to  a  number 
of  executive  promotions,  Microsoft  an¬ 
nounced  that  Bill  Veghte,  senior  vice  presi¬ 
dent  of  the  Online  Services  and  Windows 
Business  Group;  Satya  Nadella,  senior  vice 
president,  Search,  Portals  and  Advertising 
Group;  and  Brian  McAndrews,  senior  vice 
president  of  Microsoft's  Advertiser  and 
Publisher  Solutions  Group,  are  all  taking  on 
new  responsibilities  in  running  Microsoft's 
online  services,  including  Windows  Live, 
Search  and  MSN.  Microsoft  may  be  position¬ 
ing  Nadella  to  take  on  the  responsibility  of 
the  technical  integration  of  Yahoo  if  the 
acquisition  happens,  says  Rob  Helm,  an  ana¬ 
lyst  at  Directions  on  Microsoft.  "Microsoft  is 
anticipating  a  shift  in  its  online  strategy 
around  the  purchase  of  Yahoo,  which  means, 
among  other  things,  that  they're  replacing 
people  running  the  old  strategy,"  he  says. 
www.nwdocfinder.com/3765 

Sun  buys  open  source  desktop  virtual¬ 
ization  vendor.  Sun  has  acquired  Innotek, 
an  open  source  desktop  virtualization  vendor 
that  makes  software  targeted  at  developers 
who  want  to  build,  test  and  run  applications 
on  multiple  operating  systems.  Sun  acquired 
the  small  company  in  a  stock  purchase,  but 
did  not  disclose  the  terms  of  the  deal.  Inno- 
tek'sVirtualBox  product  lets  PCs  running 
Windows,  Linux,  Mac  or  Solaris  run  multiple 


operating  systems  side-by-side. VirtualBox  will 
remain  free  of  charge  under  Sun  and  be 
placed  in  the  company's  xVM  portfolio  of  vir¬ 
tualization  products. 

www.nwdocfinder.com/3766 

Lawmakers  introduce  new  net  neutral¬ 
ity  bill.  Two  lawmakers  have  introduced  leg¬ 
islation  that  would  prohibit  broadband 
providers  from  blocking  or  impairing  Web 
content  from  competitors.  Representatives  Ed 
Markey  (D-Mass.)  and  Chip  Pickering  (R- 
Miss.)  introduced  the  Internet  Freedom 
Preservation  Act. The  bill  says  it  is  U.S.  policy 
to  "guard  against  unreasonable  discriminato¬ 
ry  favoritism  for,  or  degradation  of,  content  by 
network  operators  based  upon  its  source, 
ownership,  or  destination  on  the  Internet." 
The  bill  also  would  require  the  FCC  to  open  a 
proceeding  on  broadband  services  and  con¬ 
sumer  rights.The  FCC  would  be  required  to 
investigate  whether  broadband  providers 
have  adhered  to  its  August  2005  policy  that 
providers  should  refrain  from  blocking  or 
interfering  with  Web  content. 
www.nwdocfinder.com/3767 

Novell  acquires  open  source  collabora¬ 
tion  vendor.  Seeking  a  real-time  makeover 
for  its  collaboration  wares,  Novell  has 
acquired  SiteScape,  a  developer  of  open 
source  collaboration  tools.  Last  year,  the  two 
began  a  partnership  that  resulted  in  Novell 
Teaming  +  Conferencing,  which  is  based  on 
SiteScape's  ICEcore  platform  for  Web-based 
team  workspaces  and  real-time  conferencing. 
Novell  plans  to  continue  to  offer  Teaming  + 
Conferencing  as  well  as  support  other 
SiteScape  tools  at  least  through  2010,  includ¬ 
ing  Forum  ZX  and  ST,  which  provide  chat, 
threaded  discussion,  blogs,  wiki,  workflow, 
and  document  sharing.  Novell's  current 
GroupWise  collaboration  platform  had  been 
missing  much  of  the  real-time  and  Web  2.0 
technologies  that  are  beginning  to  define  the 
next  wave  of  collaboration. 
www.nwdocfinder.com/3768 

Not  enough  IT  workers  on  staff,  survey 
finds.  A  shortage  of  IT  workers  on  staff  is  the 
top  IT-related  concern  of  C-level  executives, 
according  to  research  commissioned  by  the 
IT  Governance  Institute.  Close  to  60%  of  749 
CEOs,  CIOs  and  other  C-level  executives 
reported  that  an  insufficient  number  of  IT 
staff  continues  to  pose  a  problem  in  their 
organization. That  number  has  grown  since 
2005,  when  35%  of  those  polled  in  a  similar 
survey  reported  insufficient  IT  staff  as  an 
issue.  Close  to  50%  said  IT  service  delivery 
problems  are  the  second  most  common 
problem  they  have  experienced  with  IT  in 
the  past  12  months,  and  more  than  one-third 
(38%)  consider  staff  with  inadequate  skills  a 
common  problem. 
www.nwdocfinder.com/3769 
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Introducing  the  Efficient  Enterprise: 
more  power,  more  control,  more  profits 

Can  your  legacy  system  say  the  same? 

Legacy  systems  work  fine  for  brute-force  cooling  the  entire  room,  but 
skyrocketing  energy  costs  make  them  fiscally  irresponsible  and  their 
fundamentally  oversized  design  makes  them  incapable  of  meeting  today's 
high-density  challenges.  Even  worse,  power  and  cooling  waste  may  actually 
prevent  you  from  purchasing  much-needed  new  IT  equipment.  Simple  problem, 
simple  solution.  Cut  your  power  and  cooling  costs  and  use  the  savings  to  buy 
the  IT  equipment  you  need. 

Gartner  Research  predicts  that  by  2008,  50%  of  today's  data  centers  will  have 
insufficient  power  and  cooling  capacity  to  meet  the  demands  of  high-density 
equipment.  Power  and/or  cooling  issues  are  now  the  single  largest  problem 
facing  data  center  managers. 
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The  Efficient  Enterprise “  cooling  is  so  predictable, 
we  guarantee  it.  Implement  an  InfraStruXure® 
solution  with  hot  air  containment  and  close- 
coupled  cooling  and  be  eligible  for  our  $150,000 
Thermal  Guarantee ™-  the  industry's  only  heat 
defense  policy. 


CONTAIN  THE  HEAT 

Ensure  cooling  efficiency  by  containing  the  heat 
and  eliminating  expensive  temperature  cross¬ 
contamination.  Our  Hot  Aisle  Containment  System 
reduces  operational  expenses  by  as  much  as  50% 
over  legacy  approaches. 


There's  only  so  much  power  and  money  to  go  around 

Your  service  panel  limits  the  amount  of  power  available.  Your  budget  limits  the 
amount  of  money.  You  have  to  stretch  every  bit  of  both  as  far  as  you  can. 

What  you  need  is  the  APC  Efficient  Enterprise™ 
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thermal  predictability.  An  Efficient  Enterprise  earns  you  money  through  the  pre¬ 
planned  elimination  of  waste.  For  example,  simply  by  switching  from  room  to 
row-oriented  cooling,  you  will  save,  on  average,  31  %  of  your  electrical  costs. 
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NEWS  ANALYSIS 


Microsoft  ships  6  critical 


patches 


The  deadly  duo 

Two  patches  rated  “important”  that  were  part  of  the  11  released  last  week 
by  Microsoft  can  create  a  serious  problem  in  combination,  and  should  have 
been  rated  “critical,”  according  to  some  experts. 


Patches 

Affected 

software 

Description 

Potential 

consequence 

MS08-005 

Internet 

Information 

Server  versions 

5.0,  5.1,  6.0,  7.0 

Users  can  execute 
code  and  change 
privileges  on  the 
machine. 

Hacker  can  upgrade 
privileges  from  user 
to  admin. 

MS08-006 

Internet 

Information 

Server  versions 

5.1,  6.0 

Uses  can  execute 
code  and  install 
hacker  tools,  get 
shell  access  and 
install  software,  such 
as  port  redirectors. 

Hacker  controls 
machine  and  can 
launch  stealth 
attacks  on  other 
machines  on  the 
same  network. 

BY  JOHN  FONTANA 

Microsoft  last  week  released  11  security 
patches,  six  with  the  highest  rating  of  “critical,” 
that  span  Windows,  Office  and  Internet 
Explorer.  Some  say  however,  it  is  a  combination 
of  two  noncritical  vulnerabilities  that  should 
catch  the  eye  of  corporate  IT. 

Of  the  six  critical  vulnerabilities,  none 
requires  any  more  user  interaction  than  open¬ 
ing  a  document  or  visiting  a  malicious  Web 
site.  All  six  let  an  attacker  take  complete  con¬ 
trol  of  a  user’s  machine. 

The  vulnerabilities  affecting  Internet  Ex¬ 
plorer  as  part  of  Bulletin  MS08-010  are  trou¬ 
bling,  experts  say,  because  of  the  wide¬ 
spread  use  of  IE  6  and  IE  7,  which  are  both 
at  risk. 

“In  the  past,  a  lot  of  the  IE  stuff  has  been 
around  the  scripting  engines,  but  this  is  in  the 
core  HTML-rendering  engine,”  says  Don 
Leatham,  director  of  solutions  and  strategy  at 
Lumension  Security 

Office,  another  widely  used  client,  is  vulnera¬ 
ble  in  critically  rated  patches  MS08-008,  -009,  - 
012  and -013. 

“I  would  tell  my  mom  to  install  010  first,  but 
corporate  users  should  install  006  and  005 
first,”  says  Eric  Schultze,  CTO  of  Shavlik 
Technologies.  (See  graphic.)  He  says  MS08-005 
and  MS08-006,  while  rated  important,  can  be 
viewed  as  critical  because  they  allow  a  hacker 
to  gain  control  of  a  Web  server  and  escalate 
privileges  from  user  to  admin.“With  the  combi¬ 
nation  of  006  and  005, 1  can  remotely  attack 
your  Web  site  and  become  an  administrator’’ 
he  says.“Each  one  is  rated  important,  but  I  call 
them  critical  in  both  cases.” 

“006  is  back  to  the  days  of  Code  Red 
where  you  can  execute  code  on  a  Web  serv¬ 
er,”  Schultze  says. “That  means  I  can  execute 
TFTP  [Trivial  File  Transfer  Protocol]  and 
have  TFTP  come  back  to  my  machine  and 
upload  hacker  tools.  I  can  end  up  with  a  C 
prompt  of  your  Web  server.  I  can  have  shell 
access  to  your  Web  server  as  a  user.  I  call 
that  critical  right  away.  I  can  install  a  port 
redirector  on  that  system  so  1  can  attack 
other  system  in  the  DMZ  and  use  the  port 
redirector  to  bypass  your  firewalls  and  fil¬ 
tering  rules.” 

Shultze  says  the  final  dagger  comes  with  the 
MS08-005  patch.“Combine  that  with  005,  which 
allows  a  user  of  a  Web  server  to  become 
administrator  of  a  Web  server.  So  I  just  hacked 
you  with  006  and  now  as  a  user  I  can  run  more 
code  to  become  an  admin.” 

The  last  time  Microsoft  had  as  many  patches 
rated  critical  was  last  May  when  it  had  seven. 
The  last  time  it  had  more  than  1 1  patches  was 
February  2007,  when  12  were  issued. 

The  other  five  patches  for  February  2008  are 
rated  important  and  affect  Active  Directory  the 
Windows  TCP/IP  stack,  Internet  Information 


Server  and  Office. 

“There  are  a  number  of  concerns,  and 
with  so  many  critical  vulnerabilities  it  really 
will  be  on  an  organization-by-organization 
basis  as  far  as  where  people  start,”  says 
Jonathan  Bitle,  director  of  technical 
account  management  for  Qualys.  “Office 
and  Internet  Explorer  are  two  really  key 
business  tools,  so  the  fact  that  a  number  of 
these  address  Office  and  IE  means  those 
patches  are  probably  the  single  largest  con¬ 
cern  for  most  people.” 

The  patch  releases  are  part  of  Microsoft’s 


Buzz 

continued  from  page  52 

Did  it  get  you  what  you  wanted? 

It  worked  great.  Certainly  it  took  a  tactic 
(ignore  calls,  do  not  engage)  away  from  my 
former  employer,  and  I  know  that  it  directly 
generated  internal  dialogue  (Why  is  caller  ID 
not  working  right  for  my  phone.  How  did  he 
do  that?  Is  he  allowed  to  do  that?)  which  was 
the  objective  of  the  exercise. . .  .1  got  100  per¬ 
cent  of  what  I  was  owed. 

Having  used  the  service  yourself,  how  could  you 
see  it  being  abused? 

Say  you  receive  a  call  from  your  bank 
telling  you  that  your  card  is  suspected  of  hav¬ 
ing  had  fraudulent  use.The  caller  ID  says  it’s 
your  bank  and  the  toll-free  number  is  the  real 
number  of  their  fraud  department.You  trust 
the  caller  ID  displayed  and  provide  all  the 
information  needed  for  Boris  in  Estonia  to 
rob  you  blind. 

Telemarketers  could  use  this  mercilessly 
Collections  agencies  (kind  of  the  role  I  was 


Patch  Tuesday,  which  falls  on  the  second 
Tuesday  of  each  month.  Last  week,  as  part  of  its 
monthly  preliminary  announcement,  Micro¬ 
soft  said  it  had  12  patches  and  seven  critical 
vulnerabilities,  so  clearly  the  company  is  still 
working  to  patch  one  other  flaw. 

Schultze  says  the  preliminary  announce¬ 
ment  sent  to  him  last  week  specifically  men¬ 
tioned  the  seventh  critical  vulnerability  as  a 
“Jscript/VBScript”  issue. 

Microsoft  competitor  Apple  also  released 
11  fixes  for  its  software,  including  Mac  OS 
10.5,  Safari  and  Mac  OS  Directory  Services.  ■ 


forced  into)  could  avoid  creditor  call  screen¬ 
ing.  Stalkers  could  use  this  to  harass  their  vic¬ 
tims.  . .  .The  truth  is  caller  ID  is  near  ubiqui¬ 
tous,  it  is  trusted  info  by  most  people,  and  the 
abuse  or  fraudulent  usage  of  such  a  service 
should  be  very  severely  punished. 

Yet  you  went  ahead  and  used  it  anyway? 

Yep,  sure  could  appear  to  be  hypocrisy  and 
I’m  not  sure  that  it  isn’t.  I’m  not  convinced 
that  we  do  have  tough  enough  (or  clear 
enough)  laws  to  penalize  misrepresentation 
of  caller  ID  for  criminal  purposes,  and  there 
is  nothing  that  Spoofcard  did  that  I  can  see 
that  would  prevent  its  misuse  (like  announc¬ 
ing  “Spoofcard,  this  call  is  purely  for  entertain¬ 
ment  purposes”  when  the  call  connected; 
callback  with  “Spoofcard,  the  last  call  your 
received  was  a  joke”,  etc.).  I  feel  like  a  farmer 
that  once  used  fertilizer  and  diesel  to  blow 
up  a  tree  stump:  Sure  was  easy,  worked  great, 
cheap, didn’t  hurt  anyone... but  what  could  a 
bad  guy  do  with  this? 

Spoof  comments  to  buzz@nww.com. 
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Save  Power.  Save  Space. 

Save  Money.  Save  the  Planet. 
(Be  an  IT  Hero.) 


See  how  Sun's  new  Eco  Innovation"’  Initiative  can  help  you  cut  your 
energy  costs  by  60%,  increase  your  server  efficiency  by  as  much  as 
85%  and  consolidate  your  datacenters  by  up  to  75%,  all  with  a  simple 
3-step  approach:  assess,  optimize  and  virtualize.  With  open  source 
Solaris';  virtualization  is  free,  making  it  easier  for  you  to  get  maximum 
utilization  of  your  resources.  See  how  faster  can  be  cooler,  better  can 
be  cleaner  and  cheaper  can  be  greener. 


Good  for  your  business.  Good  for  our  planet. 


Get  energy-efficient  systems  at  sun.com/ecoinnovation. 
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ULTRASPARC*^ 


Who  needs  expensive,  proprietary  virtualization  software  when,  hey,  you  can  get  it  free  with  open  source  Solaris. 

©  2007  Sun  Microsystems,  Inc.  All  rights  reserved.  All  logos  and  trademarks  are  property  of  their  respective  owners. 
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none  were  willing  to  name  them.) 

Embotics 

Founded:  April  2006 

Headquarters:  Ottawa,  Ontario 

Management:  Jay  Litkey  founder,  president 
and  CEO,  also  founded  Symbium,  a  company 
that  focused  on  autonomic 
computing  and  the  automated 
management  of  IT  infrastruc¬ 
ture.  Embotics  acquired  the 
development  team  and  tech¬ 
nology  of  Symbium  and 
worked  to  apply  it  to  virtual 
server  management. 

Funding:  Privately  funded  by 
angel  investors. 

What  company  offers:  V-Commander  soft¬ 
ware,  which  became  generally  available  in 
December  2007,  provides  centralized,  policy- 
based  management  of  VMs.  The  software 
tracks  aVM  throughout  its  entire  life  cycle. 

Why  it’s  worth  watching:  “Embotics  is  coming 
at  the  problem  of  managing  VMs  from  a  broad, 
long-range  view,  incorporating  inventory  usage, 
managing  resources,  applications  and  the  poli¬ 
cies  that  apply  along  the  duration  of  the  VM’s 
life  cycle”  says  Rich  Ptak,  founder  and  principal 
analyst  at  Ptak,  Noel  &  Associates. 

Where  company  got  its  name:  CombineD 
the  idea  of  embedded  autonomies  —  which 
are  essential  to  managing  virtual  environments 
—  to  come  up  with  Embotics. 

Fortisphere 

Founded:  October  2006 

Headquarters:  Chantilly Va. 

Management:  Michael  Harper,  CEO  and 
president,  formerly  held  positions  with  IBM 
and  USinternetworking;  John  Suit,  principal 
founder  and  CTO,  previously  founded  and 
served  as  CTO  at  SilentRunner,  a  company 
acquired  by  CA. 

Funding:  $10  million  in  Series  A  funding  in 
November  2007,  led  by  Fairhaven  Capital 
Partners  and  Globespan  Capital  Partners. 

What  company  offers:  The  Virtual  Essentials 
suite  includes  two  products: Virtual  Insight  and 
Virtual  Foresight. Virtual  Insight  runs  on  hyper¬ 
visors  from  VMware,  Microsoft  and  Citrix 
Systems  XenSource.  Once  installed,  the  soft¬ 
ware  provides  details  around  VM  configura¬ 
tions,  including  patches,  hot  fixes  and  applica¬ 
tions.  The  software  also  allows  IT  staff  to  asso¬ 
ciate  business  attributes,  such  as  owner,  func¬ 
tional  group  and  trust  level,  with  each  VM. 
Virtual  Foresight,  which  provides  policy-based 
management  and  automation  capabilities,  is 
scheduled  to  become  generally  available  in 
late  spring. 

Why  it’s  worth  watching:  “Fortisphere  is  work¬ 
ing  on  the  notion  that  configuration,  change, 
life-cycle  management  and  even  security  man¬ 
agement  of  VMs  will  help  desktop,  server  and 
storage  pros  get  in  front  of  management  issues 
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around  virtualization,”  says  Stephen  Elliot,  a 
research  manager  at  IDC.“For  many  organiza¬ 
tions,  the  performance  management  require¬ 
ments  don’t  change  when  they  go  from  physi¬ 
cal  to  virtual  servers,  and  a  complete  life-cycle 
approach  will  have  to  be  put  in  place  to  meet 
those  requirements.” 

Where  company  got  its  name:  Fortisphere 
executives  wanted  to  convey  the  security  and 
control  that  effective  monitoring  and  policy- 
based  management  would 
deliver  to  the  virtual  sphere 
and  combined  “fortis”  — 
which  in  Latin  means  strong 
—  with  “sphere.” 


ManagelQ 

Founded:  April  2006 
Headquarters:  Mahwah,  N.J. 

Management:  Joseph  Fitz¬ 
gerald,  co-founder  and  CEO,  previously 
served  as  CTO  and  director  of  product 
development  for  HP’s  change-  and  configu¬ 
ration-management  software  business.  He 
joined  HP  as  part  of  the  company’s  acquisi¬ 
tion  of  Novadigm,  which  Fitzgerald  also  co¬ 
founded;  Oleg  Barenboim,  CTO  and  co¬ 
founder,  also  worked  as  an  R&D  leader  at  HP 
and  previously  worked  at  Novadigm. 

Funding:  Self-funded  by  founding  members. 

What  company  offers:  Enterprise  Virtual¬ 
ization  Management  Suite  includes  technol¬ 
ogy  that  allows  the  software  to  sit  on  the  vir¬ 
tual  fabric  and  see  into  VM  containers.  With 
that  capability  ManagelQ’s  applications  can 
perform  network,  host  and  virtual-instance 
inventory  as  well  as  manage  configurations. 

Why  it’s  worth  watching:  “ManagelQ  has  a  lot 
of  experience  on  the  client  side  of  things,  and 
they  have  paid  extra  attention  to  how  to  man¬ 
age  configuration  and  change  across  a  lot  of 
endpoints,”  Elliot  says.“Most  IT  shops  will  have 
more  than  one  virtualization  platform  in¬ 
stalled,  and  that  means  a  lot  of  complexity. 
ManagelQ  has  seen  that  with  their  Novadigm 
history  and  they  are  coming  at  managing  VMs 
with  that  perspective.” 

Where  company  got  its  name:  Company 
executives  pulled  together“manage”and“IQ”to 
represent  their  goal  to  offer  customers  smart 
management  for  virtual  infrastructures. 

SignaCert 

Founded:  April  2004 

Headquarters:  Portland,  Ore. 

Management:  Wyatt  Starnes,  founder  and 
CEO,  previously  founded  change  auditing  soft¬ 
ware  vendor  Tripwire,  and  is  a  co-founder  of 
Regional  Alliances  for  Infrastructure  and  Net¬ 
work  Security  a  nonprofit,  public-private  alli¬ 
ance  formed  to  accelerate  the  deployment  of 
technology  for  homeland  security 

Funding:  $10  million  in  Series  A  funding  in 
December  2005  from  DCM-Doll  Capital 
Management,  Intel  Capital,  SmartForest  Ven¬ 
tures  and  GarageTechnology  Ventures. 

What  the  company  offers:  Enterprise  Trust 
Server  is  an  appliance-based  software- 


measurement  solution  that  captures,  orga¬ 
nizes  and  compares  what’s  actually  running 
in  your  IT  production  environment  with  what 
should  be  running  according  to  such  factors 
as  set  policies  and  known  inventory  The  com¬ 
pany  doesn’t  focus  solely  on  the  virtual  realm, 
but  Starnes  explains  its  technology  can  track 
multiple  configurations  and  changes  to  a 
degree  that  would  be  needed  in  a  virtual  envi¬ 
ronment.  “Virtualization  really  is  the  killer 
application  for  this  type  of  measured  systems 
management,”  he  says. 

Why  it’s  worth  watching:  “SignaCert  can  en¬ 
sure  virtual  systems  are  deployed  as  intended 
down  to  a  binary  level,  even  as  system  configu¬ 
rations  are  changing  because  of  patching  and 
updates.  Since  there  is  no  configuration  drift,  a 
lot  of  the  performance,  compliance  and  secu¬ 
rity  issues  are  minimized,”  says  Jasmine  Noel, 
principal  analyst  with  Ptak,  Noel.  “Since  Signa¬ 
Cert  can  deal  with  a  change  to  the  ‘as  intended’ 
part  of  the  system  configuration,  you  can 
ensure  the  most  up-to-date  version  of  the  virtual 
systems  is  deployed,  removed  or  redeployed.” 

Where  company  got  its  name:  Combines  “sig¬ 
nature”  and  “certification”  to  create  a  name  that 
reflects  the  key  technology  it  offers. 

VKernel 

Founded:  January  2007 

Headquarters:  Portsmouth,  N.H. 

Management:  Alex  Bakman,  founder  and 
CEO,  previously  founded  automation-configu¬ 
ration-management  software  maker  Ecora  Soft¬ 
ware  and  CleverSoft,  which  sold  Lotus  Notes 
monitoring  software. 

Funding:  $4.6  million  in  its  first  round  of  insti¬ 
tutional  funding,  led  by  Hummer  Winblad  and 
Polaris  Venture  Partners. 

What  company  offers:  The  Chargeback  Vir¬ 
tual  Appliance  meters  resource  use  by  depart¬ 
ments  and  automatically  e-mails  cost  visibility 
and  chargeback  reports  to  users.  The  software 
comes  with  default  chargeback  rates  and  a 
calculator  to  help  customers  quickly  deter¬ 
mine  their  own  rates.  A  second  virtual  appli¬ 
ance  determines  the  capacity  available  for 
new  VMs  and  prevents  bottlenecks  from  occur- 
ring.“We  are  delivering  capabilities  one  slice  at 
a  time,”  Bakman  explains. 

Why  it’s  worth  watching:  VKernel  gives  cus¬ 
tomers  “one  virtual  appliance  for  one  prob¬ 
lem  —  direct  and  immediate  results  without 
bringing  a  large,  complicated  suite  into  the  IT 
purchasing  department,”  says  Hummer  Win- 
blad’s  Leckie. 

Where  company  got  its  name:  The  idea  of 
the  kernel  in  an  operating  system  being  the 
essential  component  inspired  company 
founders  to  create  the  name  VKernel.  ■ 


ONLINE:  More  companies 

Senior  Editor  Denise  Dubie  highlights 
two  more  companies  worth  watching. 

www.nwdocfinder.com/3760 
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Gell/Whfi  convergence  paying  off 


SPECIAL  FOCUS:  MOBILE  CONVERGENCE 


BY  JOHN  COX 

Early  products  and  services  that  shift  voice  calls  seamlessly 
between  wireless  LAN  and  cellular  networks  are  proving  them¬ 
selves  to  enterprise  users. 


Early  adopters,  including  those  still  in  pilot 
projects,  say  the  handoff  between  two,  differ¬ 
ent  wireless  connections  is  generally  unno- 
ticeable  and  almost  always  reliable.  These 
convergence  capabilities  also  give  mobile 
phone  users  at  least  some  of  the  features 
offered  by  the  corporate  PBX,  such  as  trans¬ 
ferring  calls  or  dialing  a  four-digit  extension. 

Nevertheless  there  are  two  recurring 
issues:  the  need  for  a  pervasive  WLAN  de¬ 
signed  with  voice  in  mind,  and  the  fact  that 
the  802.11  radio  on  these  so-called  dual¬ 
mode  mobile  phones  depletes  batteries  far 
more  quickly  than  cellular  radios  do. 

The  users  interviewed  for  this  story  are 
using  two  kinds  of  solutions  for  what’s  often 
called  fixed-mobile  convergence  (FMC). 
One  is  a  behind-the-firewall  FMC  server  or 
appliance  from  a  third-party  vendor  —  from 
big  companies  such  as  Siemens  and  NEC,  as 
well  as  newer,  smaller  companies  like  Di- 
Vitas  Networks  and  Agito  Networks.The  serv¬ 
er  typically  coordinates  with  a  corporate  IP 
PBX  and  with  a  client  application  loaded 
onto  a  mobile  phone  that  has  cellular  and 
802.11  radios. 

The  other  convergence  offering  is  a  carrier 
service,  using  the  Unlicensed  Mobile  Access 
(UMA)  standard  from  the  Third  Generation 
Partnership  Project  to  shift  calls  between  an 
unlicensed  Wi-Fi  WLAN  and  a  GSM  carrier’s 
licensed  cellular  network.  In  effect,  these  ser¬ 
vices  shift  the  FMC  server  functions  to  a 
UMA  controller  on  the  carrier’s  network.  In 
the  United  States,  T-Mobile  offers  a  UMA  ser¬ 
vice  to  residential  and  business  customers. 

Wherever  it’s  located,  this  server  works  with 
the  client  application  to  detect  when  a  user 
is  moving  into  and  out  of  range  of  cellular  or 
Wi-Fi  networks.  Basically,  the  server  starts  a 
parallel  call  over  the  alternate  wireless  net¬ 
work;  when  it’s  secured,  the  server  mixes  the 
audio  from  the  two  sessions  and  drops  the 
first  wireless  connection. 

The  Washington,  D.C.-based  law  firm  of 
Orrick,  Herrington  &  Sutcliffe  has  been  trying 
out  Agito ’s  product  at  its  four-building,  Menlo 
Park,  Calif.,  campus  for  several  months  with  a 
handful  of  lawyers  and  IT  staff.  The  technol¬ 
ogy  could  give  the  firm’s  1,000  lawyers  a  sin¬ 
gle  phone  number,  on  a  single  phone,  with 
PBX  features  on  their  mobile  handsets,  and 


better  in-building  wireless  coverage  (via  a 
WLAN),  says  Patrick  Tisdale,  the  firm’s  CIO. 

“We  don’t  see  this  as  a  money-saving 
opportunityj’Tisdale  says.“We’re  not  sure  that 
actually  happens.”  The  value  lies  in  being 
able  to  get  calls  to  and  from  the  firm’s 
lawyers  wherever  they  might  be  in  the  firm’s 
buildings,  all  via  a  single  device. 

The  Agito  server  coordinates  with  a  Cisco 
Call  Manager,  and  the  client  phones  (Nokia 
N95s)  are  visible  to  Call  Manager  via  Session 
Initiation  Protocol  (SIP). With  the  Wi-Fi  inter¬ 
face,  attorneys  find  they  can  connect  wire¬ 
lessly  to  their  broadband  router  at  home, 
and  make  a  four-digit  call  to  any  extension 
in  any  of  the  firm’s  offices  nationwide,  says 
Nellis  Freeman,  information  services  manag¬ 
er  for  the  Menlo  Park  campus. 

The  University  of  California  San  Francisco 
Medical  Center  is  considering  a  wider 
deployment  of  dual-mode  handsets  with  the 
DiVitas  server,  but  the  pace  will  depend  on 
the  gradual  upgrade  of  the  Cisco  802.11b 
WLAN  to  802.1  la/b/g,  says  David  Sproul, 
manager  of  emerging  technologies  and  IT 
capital  projects  for  the  center. 

“We  went  with  DiVitas  to  get  seamless 
roaming  [from  cellular  to  WLAN]  for  doc¬ 
tors’  voice  calls,”  Sproul  says.  “They  want¬ 
ed  the  call  to  not  drop  when  they  walked 
into  or  out  of  the  building.”  The  hospital 
expects  to  save  money  on  cell  plans  but 
isn’t  sure  how  much,  he  says.  A  study  of 
cell  phone  use  found  that  about  60%  of 
the  mobile  calls  were  between  medical 
center  staff  within  the  campus.  Shifting 
these  to  run  over  the  WLAN  will  save 
those  cellular  minutes. 

The  hospital  recently  added  25  handsets,  in 
three  Nokia  models,  to  the  eight  previously 
being  used,  and  users  are  clamoring  for  the 
new  phones,  Sproul  says.  The  wider  deploy¬ 
ment  will  let  the  IT  group  get  more  experi¬ 
ence  in  supporting  and  running  the  system, 
especially  on  the  client  side.  Sproul  says  the 
DiVitas  beta  server  ran  for  more  than  18 
months  with  no  problems. 

The  biggest  complaint  has  been  battery 
life.  Initially  the  dual-mode  phones  barely  got 
eight  hours,  a  problem  when  nursing  shifts 
are  12  hours.  Nokia  has  made  some  tweaks 
at  the  handset  level,  and  the  phones  now  get 


about  10  hours  from  the  battery. 

Handing  it  to  the  carrier 

UMA-based  services  do  away  with  the 
need  for  an  on-site  server.  Instead,  these  func¬ 
tions  are  shifted  to  the  UMA  controller  in  the 
carrier  network,  acting  as  an  interface  be 
tween  the  IP  world  of  a  WLAN  and  the 
mobile  carrier’s  core  network.  Kineto  Wire 
less  is  a  UMA  vendor,  and  T-Mobile  uses  the 
gear  for  services  like  “Hotspot  @Home.” 

One  company  testing  out  T-Mobile’s  UMA 
offering  is  Anthony  Marano  Co.,  a  family- 
owned  fresh-food  distributor  in  Chicago. The 
company  since  2004  had  been  using  a  joint¬ 
ly  developed,  dual-mode  solution  from 
Motorola,  Proxim  and  Avaya, with  dual-mode 
handsets,  a  75-access-point  802.11a  WLAN, 
and  a  SIP-based  PBX  with  software  to  man¬ 
age  the  handoff  with  the  cellular  network.  In 
general,  the  systems  worked  well,  says  CTO 
Chris  Nowak.  But  one  problem  is  a  wireless 
“speed  limit”:  Employees  zipping  around  the 
460,000-square-foot  warehouse  on  pallet 
jacks  or  other  vehicles  lost  the  Wi-Fi  connec¬ 
tion  when  they  drove  at  more  than  a  few 
miles  per  hour. 

The  company  wants  to  upgrade,  and  last 
fall  deployed  a  pilot  WLAN  from  Extricom, 
with  six  antennas  distributed  through  the 
warehouse,  and  about  50  UMA-enabled 
BlackBerry  8320  handsets  with  built-in  cam¬ 
eras  and  Bluetooth,  on  T-Mobile’s  cellular 
network.  Extricom  uses  what  it  calls  a  chan¬ 
nel-blanket  architecture.  The  802.11  media- 
access-control  functions  run  entirely  on  a 
central  controller,  so  the  “access  points”  in 
the  warehouse  are  nothing  more  than  anten¬ 
nas.  There  is  no  handoff  among  them  be¬ 
cause  the  entire  system  in  effect  works  as 
one  access  point. 

The  sleek  new  BlackBerries  “see”  the  Wi-Fi 
network  via  a  one-time  scan.  A  user  enters  a 
key  and  the  device  registers  via  IP  and  the 
Internet  with  the  T-Mobile  UMA  controller. 
The  controller  “knows”  where  each  handset 
is,  uses  the  appropriate  wireless  connection 
for  the  voice  call  and  shifts  between  them 
seamlessly.  ■ 
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Addresses 

continued  from  page  4 

titles  to  IPv4  address  space,  because  the  Internet  will  run  out  of  the 
available  pool  of  IPv4  addresses  before  everyone  makes  the  transition 
to  IPv6.  “We  now  need  to  talk  openly  in  our  policy  development 
process  about  transfers,  trading  and  mechanisms  that  will  allow  the 
Internet  to  continue  to  function  as  smoothly  and  as  reliably  as  possible 
in  the  coming  few  years,”  he  says. 

APNIC  and  the  European  Reseaux  IP  Europeens  regional  registry 
are  considering  changes  to  their  IPv4  address-transfer  policies  that  are 
similar  to  ARIN’s  proposal.  These  changes  are  controversial  and  may 
not  be  approved. 

Many  unanswered  questions  surround  IPv4  address  trading: 

•  Will  it  create  a  financial  market  for  IPv4  address  space? 

•  Will  it  delay  the  transition  to  IPv6  because  more  IPv4  addresses  will 
become  available? 

•  Will  IPv4  address  transfers  swamp  the  Internet’s  core  routers  with 
too  many  routing-table  announcements  from  ISPs? 

“We  don’t  know  whether  some  of  the  side  effects  of  such  a  policy 
make  sense  for  the  Internet,” admits  John  Curran, chairman  of  the  ARIN 
board  of  trustees.  Curran  is  chief  technology  and  operating  officer  at 
ServerVault,  a  Dulles, Va.,  managed  security-services  provider. 

If  IPv4  address  trading  is  permitted,  the  probable  beneficiaries  are 
U.S.  federal  agencies,  universities  and  companies  that  received  mas¬ 
sive  blocks  of  IPv4  address  space  at  the  dawn  of  the  Internet.  Back 
then,  no  one  realized  that  IPv4  addresses  would  become  a  precious 
commodity  so  they  didn’t  assign  IPv4  addresses  efficiently  across 
their  wiring  closets,  buildings  and  campuses. 

Until  now,  these  organizations  have  lacked  a  financial  incentive  to 
renumber  their  networks  to  free  up  IPv4  addresses.lt  is  rare  for  an  orga¬ 
nization  to  return  extra  IPv4  addresses.  Notably  Stanford  returned  more 
than  16  million  IPv4  addresses  in  2000. 

With  an  IPv4  address  shortage  looming,  policymakers  are  stepping 
up  their  efforts  to  recover  unused  IPv4  address  space.  This  week,  the 
Internet  Corporation  for  Assigned  Names  and  Numbers  announced  it 
had  recovered  16  million  IPv4  addresses  from  Net-14,  which  was  origi¬ 
nally  used  to  connect  older  packet-data  networks. 

ARIN’s  proposed  IPv4  transfer  policy  would  provide  an  economic 
incentive  for  organizations  to  free  up  IPv4  addresses.“Hypothetically  a 
large  company  with  excess  IPv4  address  space  could  get  compen¬ 
sated  for  the  work  of  freeing  up  that  space,”  Curran  says. 

ARIN’s  proposal  wouldn’t  allow  speculation  in  IP  addresses,  as  has 
occurred  with  domain  names,  because  it  requires  IPv4  address  space 
that  gets  transferred  to  be  used. 

No  one  knows  if  sizeable  profits  could  be  made  from  transferring 
excess  IPv4  address  space. 

“Now  we’re  telling  people  that  [returning  unused  IPv4  address 
space]  is  the  right  thing  to  do  without  compensation,”  Curran  says. 
“When  you  set  up  a  process  where  an  organization  can  be  compen¬ 
sated  so  it  can  free  up  address  space  that  others  might  not  have,  it’s  very 
hard  to  say  how  that  system  will  actually  behave.” 

The  U.S.  Department  of  Defense,  for  example,  is  sitting  on  a  mother 
lode  of  IPv4  addresses.  Could  this  become  a  saleable  asset  for  the 
department,  akin  to  a  wireless  spectrum  auction?  Experts  say  that 
scenario  is  unlikely  “It’s  fairly  difficult  to  imagine  circumstances 
where  the  receipts  for  such  a  transfer  policy  would  be  so  large  as  to 
incent  someone  who  was  using  the  address  space  to  actually  stop 
using  it,”  Curran  says. 

Experts  agree  that  allowing  the  transfer  of  IPv4  addresses  probably 
would  delay  the  transition  to  IPv6  by  several  more  years.“One  of  the 
forecasts  that’s  most  common  says  that  if  the  unadvertised  IPv4 
address  space  were  somehow  put  back  into  use,  that  could  push  out 
the  date  of  IPv4  address  depletion  by  another  five  or  six  years,” 
Curran  says.“Yes,I  think  allowing  IPv4  address  transfers  could  move 
back  the  date  for  IPv6,  but  I  don’t  know  to  what  extent.  It  could  be 
months,  or  it  could  be  a  handful  of  years.” 

Most  U.S.  network  managers  have  not  yet  begun  migrating  to  IPv6.  At 
issue  is  how  these  network  managers  will  continue  to  expand  their  net¬ 
works  once  the  unallocated  pool  of  IPv4  addresses  runs  out.  IPv4 
address-trading  may  solve  that  problem,  experts  sayH 
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Slow-motion  wake-up  call  for  Web  accessibility 


The  latest  step  in 
the  lawsuit  by  the 
National  Fede¬ 
ration  of  the  Blind 
against  Target  played 
out  in  a  Baltimore 
court  early  this  year, 
with  Target’s  appeal 
being  denied.  So,  the 
case  will  proceed,  and 
if  the  NFB  prevails,  a 
whole  lot  of  corporate 
Web  sites  will  need  to  be  updated. 

This  lawsuit  got  its  start  in  early  2006  when  a 
blind  University  of  California  Berkeley  student 
decided  to  sue  Target  because  the  company 
Web  site  was  hard  or,  at  times,  impossible  for 
blind  people  to  use.  The  lawsuit  claimed  that 
Target  was  violating  the  Americans  With 
Disabilities  Act  (ADA)  and  some  California 
state  laws.  (The  amended  complaint  can  be 
found  at  www.nwdocfinder.com/3721.) 

In  September  a  California  judge  agreed  that 
the  case  might  have  merit,  in  that  Target’s  Web 
site  might  qualify  as  “a  place  of  accommoda¬ 
tion”  that  is  covered  by  the  ADA.  The  lawsuit 
in  October  2007  was  ruled  as  qualifying  to  be 
a  class  action  with  a  nationwide  class,  and 
now  the  U.S.  Court  of  Appeals  for  the  Ninth 


Circuit  has  dismissed  Target’s  appeal. 

The  case  should  be  back  in  court  soon.  (But 
remember  this  is  “soon”  by  a  judicial  calendar 
that  runs  rather  much  slower  than  Internet 
time.) 

Initially  Target  argued  that  the  ADA  only 
applied  to  physical  space,  and  thus  a  Web  site 
was  not  subject  to  the  act.The  judge  disagreed 
that  it  was  so  clear-cut  and  did  not  make  any 
final  rulings,  instead  saying  any  such  rules 
would  be  premature. 

What  will  it  mean  to  you  if  you  run  a  Web  site 
where  you  sell  stuff  to  the  public?  How  about 
if  you  are  just  giving  away  information?  It  is  not 
all  that  clear  yet.The  first  thing  you  will  need  is 
an  accepted  standard  and  a  court  ruling  or 
specific  guidelines  saying  what  conformance 
to  the  standard  means. 

The  two  major  standards  for  Web  accessibil¬ 
ity  in  the  United  States  are  the  W3C’s  Web 
Content  Accessibility  Guidelines  (see  www. 
nwdocfinder.com/3722)  and  the  U.S.  Govern¬ 
ment  Section  508  standards  (see  www.nw 
docfinder.com/3723). 

The  Section  508  standards  apply  to  Web  sites 
that  are  run  or  funded  by  the  U.S.  government, 
and  could  be  considered  a  safe  harbor  (if  your 
site  meets  these  guidelines, you  should  be  OK). 

It  is  harder  to  figure  out  what  would  be 


required  if  you  decided  to  follow  the  W3C 
guidelines.  They  are  far  more  detailed  and 
cover  a  much  broader  range  of  situations  than 
the  Section  508  standards  do. The  W3C  Priority 
1  guidelines  are  about  the  same  as  the  Section 
508  standards,  and  the  W3C  standard  says 
these  guidelines  must  be  met  if  a  Web  site  is  to 
be  considered  compliant.The  problem  comes 
from  the  W3C  Priority  2  and  Priority  3  guide¬ 
lines.  I  have  not  heard  of  any  court  decisions  or 
a  set  of  regulations  that  say  which  of  these 
guidelines  a  site  needs  to  meet  to  avoid  being 
called  noncompliant  with  the  ADA. 

The  Target  case  is  proceeding  slowly,  but  still 
should  be  seen  as  a  wake-up  call  for  Web  site 
operators.The  handwriting  is  on  the  wall,  and 
it  seems  there  is  no  small  chance  that  the 
courts  will  rule  for  the  NFB;  even  if  they  do 
not,  Congress  might  not  be  far  behind  in  fixing 
any  lack.  Of  course,  there  is  no  requirement  to 
wait  until  the  courts  rule;  it  is  just  fine  to  get  a 
start  now  —  in  fact,  it  just  might  be  the  right 
thing  to  do. 

Disclaimer:  The  above  is  my  reading  of  the 
legal  tea  leaves,  not  Harvard’s. 

Bradford  is  Harvard  University's  technology 
security  officer.  He  can  be  reached  at  sob 
@sobco.com. 
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No  subpoena?  No  deal,  no  records 


I  recently  hit  a  new  high  in  my  career  as  sus¬ 
pected  criminal:  When  I  was  leaving  a 
drugstore,  the  security  guard  stopped  me 
and  asked  for  a  receipt.  Even  though  I’d 
picked  the  receipt  up  all  of  10  seconds  earli¬ 
er,  1  couldn’t  locate  it.  And  naturally  I  was 
wearing  one  of  those  Arctic-explorer  jackets 
with  approximately  two  dozen  pockets  (in 
case  1  should  ever  feel  the  need  to  stash  my 
water  bottle  on  my  upper  arm  —  who 
designs  these  things?) 

At  any  rate,  the  poor  security  guard  apolo¬ 
gized  profusely  as  1  went  through  each  pocket, 
saying, “I’m  so  sorry  ma’am,  but  see  those  security  cameras?  If  I  don’t  ask 
you,  I’ll  lose  my  job.”  I  assured  him  that  I  fully  understood  (this  is  New 
York,  after  all),  and  finally  produced  the  receipt. 

Arrest  averted. 

What’s  the  point?  I  wish  the  carriers  would  be 
as  diligent  —  in  the  opposite  direction  — about 
demanding  the  proper  paperwork  before  con¬ 
ducting  a  search. 

The  folks  at  Verizon  earned  some  (exceed¬ 
ingly  rare)  kudos  in  this  column  a  while  back 
for  standing  up  to  the  Recording  Industry 
Association  of  America  (RIAA)  and  demanding 
subpoenas  before  they  would  release  personal 
subscriber  information.  Good  for  them. 

Better  still,  word  is  they’re  sticking  to  that 
position,  even  as  AT&T  is  caving  ignobly.  AT&T 
recently  announced  it  plans  to  monitor  user 
communications,  at  the  behest  of  the  media 
companies,  to  uncover  potential  copyright 
violations. 

As  I’ve  said  previously,  we  have  a  legal  system 


that’s  perfectly  set  up  to  address  theft  —  suspected  and  otherwise.  If 
the  RIAA  wants  to  subpoena  AT&T,  it  can.  Otherwise  —  fuggetaboutit. 
That’s  the  position  Verizon  is  taking  (and  again,  good  for  them).  Let’s 
hope  that  the  folks  at  AT&T  rethink  their  craven  perspective  and  grow 
some  spine. 

More  broadly  all  the  carriers  should  take  this  opportunity  to  publicly 
announce  their  philosophies  around  the  monitoring  and  release  of  cus¬ 
tomer  information. 

And  it  should  be  this:  No  paper,  no  deal.  No  matter  who  asks. 

If  the  feds  want  to  wiretap  —  warrant,  please.  And  the  RIAA  wants  to 
see  personal  information?  Show  us  the  subpoena. 

That  said,  I’m  probably  one  of  the  few  folks  who  believes  the  carriers 
should  be  granted  retroactive  immunity  for  their  actions  immediately 
post-9/ 1 1,  on  the  grounds  of  exceptional  circumstances. 

Here’s  the  thing:  Keep  in  mind  that  both  Verizon  and  AT&T  had  offices 
in  downtown  Manhattan.  In  the  immediate 
aftermath  of  the  attack,  their  shocked  and  hor¬ 
rified  executives  could  smell  the  jet  fuel  from 
the  burning  buildings.  (It  lasted  for  weeks.) 

Nobody  knew  how  many  had  died,  or  when 
the  next  attack  would  come.  When  the  presi¬ 
dent  asked  for  information  that  would  help  the 
United  States  track  down  the  perpetrators,  the 
carriers  can  be  forgiven  for  taking  his  word 
that  the  request  was  fully  legal. 

But  it’s  time  for  a  line  in  the  sand:  From  here 
on  out,  without  a  warrant  or  subpoena,  the  car¬ 
riers  should  refuse  to  act. 

The  bottom  line:  It’s  past  time  for  the  carriers 
to  take  a  stand. 

Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research.  She  can  be 
reached  at  johna@nemertes.com. 
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TECH  UPDATE 

'  An  inside  look  at  technologies  and  standards 


Reducing  MP3  copyright  risks 


BY  JOHNNIE  KONSTANTAS 

P3  music  files  probably  take  up  a  not-inconsiderable  portion  of  a 
corporation’s  shared  file-server  resources. This  not  only  constitutes 
misuse  of  corporate  resources  but  also,  at  its  worst,  can  expose  the 
company  to  copyright-infringement  violations  for  inadvertently  housing 
illegally  obtained  MP3  files. 


M 


The  challenge  is  in  identifying  MP3  files  on 
network-attached  storage  (NAS)  devices  and 
shared  file  servers,  and  removing  these  files  in 
a  timely  fashion.  Because  file-sharing  data 
grows  by  more  than  70%  annually,  according 
to  analyst  estimates,  this  type  of  cleanup  is  dif¬ 
ficult  to  conduct  routinely.  For  this  reason,  con¬ 
tinuous  monitoring  and  auditing  of  file-shar¬ 
ing  data  is  important. 

By  identifying  MP3  file  use,  businesses  can 
reduce  the  risk  of  copyright  infringement. 
After  all,  the  American  recording  industry  and 
its  trade  representative,  the  Recording  Industry 
Association  of  America  (RIAA)  are  targeting 
individuals  and  businesses  they  suspect  of 
infringement.  Consider  the  following: 

•  Last  October,  the  RIAA  won  a  jury  trial  that 
required  a  woman  to  pay  $220,000  in  damages 
to  six  record  companies  because  she  illegally 
downloaded  24  copyrighted  songs. 

•  In  September,  the  RIAA  sent  “403  prelitiga¬ 
tion  settlement  letters  to  22  universities  nation¬ 
wide”  concerning  “evidence  of  significant 
abuse  of  campus  computer  networks  for  the 
purpose  of  copyright  infringement”  (www.nw 
docfinder.com/3736). 

•  In  December  2006  the  four  largest  music 
companies  accused  a  Russian  site  of  copy¬ 
right  infringement, seeking  $1.7  trillion  in  dam¬ 
ages  (www.nwdocfinder.com/3737). 

Fines  have  varied,  but  U.S.  copyright  law  indi¬ 
cates  penalties  of  $750  to  $150,000  per  song. 


The  RIAA  Web  site  details  guidelines  and 
penalties  in  a  section  titled  “The  Law” 
(www.nwdoc  finder.com/3739).  Besides  these 
penalties,  any  business  forced  to  defend  itself 
against  copyright  infringement  will  face  legal 
fees  even  if  the  issue  is  resolved  outside  a 
courtroom. 

Consider  the  example  of  an  employee  who 
uses  the  company  network  to  store  and  share 
a  collection  of  1,000  songs,  the  equivalent  of 
about  80  to  90  CDs’  worth  of  music.  Based  on 
the  minimum  penalty  of  $750,  this  translates  to 
a  potential  penalty  of  $750,000.  (Note:The  law¬ 
suit  the  RIAA  won  in  October  2007  placed  a 
value  of  $9,250  on  each  song,  so  the  $750-per- 
song  estimate  may  be  conservative.)  What’s 
more,  a  law  firm  that  specializes  in  copyright 
infringement  and  litigation  typically  charges 
$400  to  $700  per  hour. 

Monitoring  data  use 

Until  recently,  continuous  monitoring  of 
unstructured-data  use  was  impossible.The  rea¬ 
son  is  that  the  only  way  to  perform  such  an 
audit  was  to  turn  on  the  auditing  function  on 
Windows  file  servers  and  NAS  devices,  neither 
of  which  is  intended  for  perpetual  use  and 
places  an  enormous  performance  burden  on 
file  servers.  In  fact,  Microsoft  warns  against 
turning  on  the  feature  for  any  length  of  time 
because  the  maximum  size  of  the  log  record 
can  be  exceeded  quickly. 


Further  hampering  the  viability  of  data-use 
auditing  is  sorting  through  the  log  output  itself. 
Each  file  access  event  (such  as  read,  write  or 
delete)  can  generate  more  than  25  system 
calls,  or  lines  of  information,  related  to  a  single 
action.  This  means  that  even  if  a  detailed  log 
record  of  unstructured-data  file  usage  were 
easy  to  obtain,  it  would  take  days  to  sort 
through  and  distinguish  access  to  MP3  files 
from  the  rest.  Furthermore,  it  is  nearly  impossi¬ 
ble  to  attribute  this  use  to  an  individual. 

Technology  now  exists,  however,  that  can 
monitor  unobtrusively  all  file  touches  — 
delete,  open,  create  or  rename/move  —  for 
file  servers  and  NAS  devices.  In  fact,  file 
touches  can  be  attributed  to  system  users. 
This  means  that  MP3  file  accesses  can  be 
identified  easily 

A  report,  for  example,  could  list  all  MP3  files, 
showing  where  they  are,  their  names,  who  is 
accessing  them,  and  so  forth.  Sent  to  the  right 
administrator,  this  report  could  lead  directly  to 
questionable  MP3  files  being  investigated  and 
removed,  a  process  that  addresses  the  risk  and 
demonstrates  that  a  company  is  making 
efforts  to  address  the  problem. 

If,  for  example,  an  employee  legally  owns  the 
songs  saved  on  an  organization’s  file  servers  or 
NAS  devices  and  is  the  only  person  who 
accessed  these  files,  the  data-use-detail  record 
can  show  that  no  other  employees  accessed 
the  data.  As  part  of  its  defense  against  copy¬ 
right-infringement  claims,  a  business  could 
also  use  data-use  detail  to  demonstrate  how 
the  MP3  files  were  used. 

By  adopting  such  technology  to  gain  insight 
into  MP3  files,  organizations  can  demonstrate 
they  are  taking  an  active  role  in  addressing 
copyright-infringement  issues. 

Konstantas,  vice  president  of  marketing  at 
Varonis,  can  be  reached  at  jkonstantas@varo 
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Detailed  Access  Summary 


Access  Path 

User  (tame 

Sam  Account  Name 

IP  Address 

File  Name 

ONTAP_ADMN$\volV/ol01Market 


VRNSDEMCABradley  Hawes  Bradley  Hawes  172.17.21.8 


hameaa-haesrim.mp3  mp3 


Detailed  Access  Summary  report  showing  MP3  file  accesses  for  a  given  day  in  April  2006. 
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hile  every  organization  faces  unique  IT  challenges, 
a  core  set  of  technology  issues  affect  companies 
of  ail  shapes  and  sizes.  To  help  you  deal  effectively 
with  these  top  concerns,  Network  World  offers  this  collection 
of  Executive  Guides  based  on  original  Network  World  reporting, 
research  and  analysis: 

•  Leveraging  information:  IT  for  IT,  the  promise  of  automation 

•  Optimizing  IT:  Bigger  bang  for  the  buck 

•  Governance  and  risk  management:  The  new  security  reality 

•  Empowering  people:  The  electronic  team 

•  Enabling  business  flexibility:  Agility  breeds  success 


compliments  of 
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.INFRASTRUCTURE  LOG 

_DAY  69:  All  we  need  is  one  specific  piece  of  info. 

Gil  almost  had  it,  but  his  hand  cramped.  How  are  we 
supposed  to  find  trusted  business  information  when 
these  massive  volumes  of  conflicting  info  keep  pouring  in? 

_Gil  just  grabbed  a  stuffed  panda. 

_DAY  71:  The  answer:  IBM  solutions  for  leveraging 
information.  Now  we  can  cleanse  info  and  standardize  source 
data  fields  for  consistency  and  accuracy.  I  can  create 
a  single,  accurate  and  unified  record  of  info  across  our 
source  systems.  Everyone  can  make  better  decisions. 


.Just  in  time — I  think  we  ran  out  of  quarters. 


Information  Management 


:t’r  vi  \-i i'f 


PiWu 


«  Corporation  in  the  'United  States  and/or  other  countries. 


The  network  is  the  digital  nervous  system  of  corporations  today  and 
evolving  as  quickly  as  business  needs  themselves.  Critical  new  goals 
concern  everything  from  optimizing  resources  to  doing  more  with  less 
and  making  the  organization  more  agile,  all  while  making  IT  more  secure, 
less  complex  and  less  costly.  Download  these  Network  World  Executive 
Guides  to  learn  more. 
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IT  AUTOMATION 


Tools,  management  software  save  money,  increase  efficient 


Sponsored  by  IBM 


Leveraging  information: 
T  for  IT,  the  promise 
of  automation 


The  promise  of  IT  automation  has  dangled  in 
front  of  the  industry  for  years,  as  compelling 
and  elusive  as  the  promise  of  the  paperless 
office.  While  there  have  been  some  gains,  the 
technology  has  delivered  only  basic,  task- 
oriented  functions,  says  David  Williams,  a 
research  vice  president  at  Gartner.  Now  the 
focus  is  on  automating  more  complex,  cross¬ 
domain  IT  processes,  he  says,  and  new  tools 
are  emerging  to  aid  in  that  effort.The  result: 
increased  efficiency,  faster  recovery  rates, 
fewer  human-induced  errors  and  lowered 
costs.  An  inside  look  at  critical  developments. 
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Importance  of  self-healing/ 
self  management 

Given  the  growing  complexity  of  IT  environ¬ 
ments,  how  important  is  the  concept  of  self 
healing/self  management  to  the  future  of 
your  company's  IT  environment? 


■  Important 

■  Somewhat  important 
H  Not  very  important 
18  Not  at  all  important 


SECT 
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Learn  how  to  make  your  data  center  more  efficient: 

IBM.COM/TAKEBACKCONTROL/GREEN 


.INFRASTRUCTURE  LOG 


_DAY  89:  Our  power  and  cooling  costs  are  out  of  control. 
We  spend  the  bulk  of  our  IT  budget  just  keeping  the  data 
center  cool.  I  told  Gil  we  need  to  go  green  in  a  big  way. 


_DAY  91:  Gil  took  us  green. ..kelly  green,  to  be  exact. 

_DAY  93:  You  don’t  go  green  with  paint.  You  go  green  with 
IBM  Cool  Blue™  technology  and  energy  management  services. 
Advanced  server  and  storage  virtualization  can  help 
consolidate  our  boxes  to  lower  energy  usage.  And  the 
new  IBM  P0WER6™  systems  help  us  use  less  energy  doing 
the  same  amount  of  work.1 


1.  Requires  Advanced  Power  Virtualization,  which  is  optional  and  available  at  an  additional  charge.  IBM.  the  IBM  logo,  Cool  Blue,  POWER6  and  Take  Back  Control  are  trademarks  or  registered 
trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  @2007  IBM  Corporation.  Ail  rights  reserved. 


Planned  Data  Center  Investments 

Which  of  the  following  areas  does  jour  organi¬ 
zation  plan  to  make  substantial  data  center 
investments  within  the  next  three  years? 

%  Responding 

Server  virtualization  O/ IQ/ 

(VMware.Xen.etc.)  0  •  /O 


Storage  virtualization 


Open  source  tools 


Grid  computing 


None  of  the  above 


Base=245  Multiple  responses  allowed 


Source:  NetworkWorld 
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GUIDE  TO  GOVERNANCE 
AND  RISK  MANAGEMENT: 

The  new  security  reality  I  __ 


Influence  of  Compliance  on 
Security  Issues 

Compliance  is  driving  security  issues  that: 


|  We  were  going  to  do  anyway 
■  We  might  have  undertaken  anyway 
g|  We  probably  wouldn't  have  gotten 
around  to 

Wi  We  don’t  really  need 
H  Other 


Sponsored  by  IBM 


Source:  NetworkWorld 


IT  consolidation  efforts,  coupled  with  tech¬ 
nologies  such  as  virtualization,  storage-area 
networks,  blade  servers,  grid  computing  and 
Linux,  are  coalescing  into  a  potent  mix  that  can 
help  companies  begin  to  restore  the  balance  of 
capital  expenditures  to  operating  expenditures. 
Today,  after  all,  it  isn’t  uncommon  for  compa¬ 
nies  to  be  spending  80%  of  their  IT  budgets 
on  the  latter,  leaving  precious  little  to  invest 
in  new  technology  that  will  move  the  cause 
forward.  A  look  at  the  core  technologies 
making  it  possible. 


While  the  government  now  mandates  compli¬ 
ance  with  a  range  of  security  practices,  big 
business  doesn't  need  the  reminder.  Breaches 
cost  millions  of  dollars,  jeopardize  the  brand 
and  have  even  put  some  companies  out  of 
business.  Compliance  is  the  law,  but  sound 
security  is  now  a  corporate  requirement.  An 
examination  of  the  tools  companies  are  bringing 
to  bear  to  mitigate  risk,  comply  with  government 
regulations  and  keep  the  bad  guys  at  bay. 
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.INFRASTRUCTURE  LOG 

.DAY  84:  Feeling  really  disconnected.  We’re  not  getting 
the  most  out  of  our  existing  assets.  Service  and 
application  integration  is  a  nightmare.  We’ve  got  to 
stop  working  on  these  islands. 

_Please  rescue  me  from  this  lack  of  connectivity. 

_DAY  87:  We  re  saved!  With  IBM  WebSphere  solutions  we 
can  service-enable  and  connect  our  existing  assets  for 
mission-critical  goals.  Now  we  can  reuse  existing 
applications  and  save  money  by  eliminating  redundant 
systems.  We’re  ready  for  any  SOA  integration  project. 

.Plus,  no  more  jellyfish  stings. 
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EMPOWERING 
PEOPLE:  r 


Importance  of  Collaborative 
Technologies 

How  important  are  new  collaborative 
technologies  to  your  company's  future 
productivity  goals? 


H  Important 
H  Somewhat  important 
B  Not  very  important 
H  Not  at  all  important 


Spoiled  by  IBM 


Source:  NetworkWorld 


Consideration  of  agility  in 
IT  planning 

In  terms  of  IT  planning,  agility: 


Is  core  to  everything  we  do 

Is  a  key  consideration 

Is  rarely  considered 

Has  nothing  to  do  with  IT  planning 


A  host  of  Web  2.0  and  other  collaboration  tools 
is  making  it  possible  for  workers  stationed  at 
remote  company  sites  and  within  partner  and 
customer  organizations  to  work  to  a  single  end. 
Tasks  are  no  longer  bounded  by  who  can  be 
ushered  into  what  conference  rooms  at  an 
appointed  hour.  Now  it  is  possible  to  stitch 
together  teams  on  the  fly  by  quickly  ascertaining 
who  is  available,  who  has  what  knowledge 
of  an  issue  and  who  can  access  what  communi¬ 
cations  capabilities.  A  look  at  how  companies 
are  empowering  their  front-line  teams. 


The  electronic  tea 


GOTO»  http://www.idatechciuides.com/nwprint 


Business  is  becoming  less  predictable,  cycles  are  getting 
shorter,  margins  are  getting  squeezed  and  globalization 
is  changing  the  playing  field.  Many  companies  will  survive 
this  perfect  storm,  but  only  the  agile  will  thrive,  and  IT  is 
the  key  enabler.  An  inside  look  at  the  technologies  that 
companies  are  pursuing  to  ensure  they  stay  fleet  of  foot, 
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64% 

18% 

17% 
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_DAY  82:  There  are  so  many  risks  out  there.  Traffic  spikes, 
natural  disasters,  mergers.  How  do  we  prepare?  One  in  three 
companies  don’t  recover  from  unplanned  downtime.1  Would  we? 

_Gil  wrapped  everything  with  bubble  wrap.  Just  to  be  safe. 


.DAY  83:  I’m  preparing  with  IBM  Business  Resilience 
Solutions.  IBM  Business  Continuity  Services  help  us 
assess  our  risks  and  design  a  proactive  plan  to  deal  with 
them.  IBM  Tivoli  gives  us  the  visibility  to  diagnose  and 
fix  infrastructure  problems.  And  the  robust  availability 
features  of  the  IBM  System  p™  give  us  maximum  uptime. 


.No  more  bubble  wrap.  And  I  have  to  mail  a  package.  Great. 


Take  the  business  continuity  assessment  at: 

IBM.COM/TAKEBACKCONTROL/READY 


mmm 

'Mmk 


fSSSft 


3bS 

■ 


si* 


Tivoli 


1  Source:  “Business  Continuity  Unwrapped,1'  Continuity  Central,  2006.  www.continuitycentral.conVfeature0358.htm.  IBM.  the  IBM  logo,  System  p.  Take  Back  Control  and  Tivoli  are  trademarks  or 
registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2007  IBM  Corporation.  All  rights  reserved. 


Wrapping  up  the  e-commerce  saga 


Over  the  last  few  weeks  I’ve  been  discussing 
my  problems  getting  an  e-commerce  site 
going  for  my  wife’s  small  company  and 
many  of  you  have  written  in  with  thoughts  and 
observations.  Here’s  a  selection  of  the  feedback. 
GEARHEAD  Manish  Jha  wrote  about  one  of  the  first 
jFj  ,  p  .  I,  columns  in  the  series  saying  1  try  Quickbooks 

IVI  a  f  K  b  I  D  D  S  Merchant  Service  for  credit  card  processing. 

1  did  use  Quickbooks  Merchant  Service,  and  it 
works  fine.The  problem  that  tripped  me  up  was  that  transactions  for  that 
card  that  are  passed  through  the  Quickbooks  service  will  fail  until  you 
establish  an  American  Express  Merchant  Account.  Quickbooks 
Merchant  Service  acts  as  the  credit  card  processing  back  end  to  the 
Network  Solutions  e-commerce  services,  and  the  error  message  for  this 
problem  is  unhelpful. 

Following  my  comments  about  the  problems  with  customizing 
ProStores,  one  of  the  e-commerce  services  recommended  by  Intuit  (the 
publishers  of  Quickbooks),  Kurt  Davey  the  president  of  Neoverve,  a 
Master  ProStores  Reseller,  said:  “Customizing  any  eCommerce  applica¬ 
tion  is  difficult  for  the  majority  of  merchants  to  achieve.  Providers  who 
advertise  their  platform  as  a  Low  Cost,  Do-It-Yourself  application  are  sim¬ 
ply  unable  to  support  customizations.  They  don’t  have  professional 
designers  and  developers  on  staff  to  support  users  who  wish  to  cus- 
tomize.They  have  extremely  high  customer  churn  rates  for  the  exact  rea¬ 
sons  you  cited.” 

That’s  my  point!  These  e-commerce  service  providers  all  oversell  and 
under-deliver.  Their  one-size-fits-all  solutions  are  fine  as  long  as  you  don’t 
mind  looking  and  working  within  narrow  limits  that  are  actually  too  nar¬ 
row  for  anything  but  the  most  simplistic  commercial  purposes. 

Lin  Shearer,  who  works  in  ProStores  Marketing,  also  sent  me  an  e-mail 


regarding  my  comment  that  ProStores  support  said  it  would  not  support 
sites  customized  at  a  low  level:  “To  address  your  experience  with  our 
tech  support  —  I  think  what  they  meant  was  ...  if  you  do  your  own  cus¬ 
tom  coding  and  make  certain  changes, you  might  break  your  store  if  you 
don’t  know  what  you’re  doing  —  and  we  do  not  provide  tech  support  to 
help  you  fix  the  code.  Seems  a  little  silly  1  agree.”  Do  I  need  to  point  out 
the  weakness  of  this  argument? 

Shearer  pointed  out  that  the  documentation  needed  for  customizing 
is  available  but  you  have  to  go  to  the  ProStores  Designer  Certification  site 
to  find  it,  and  the  documentation  is  all  in  Flash  or  Windows  Media  video 
format.  So,  why  is  it  not  written  down?  I  can  read  faster  and  retain  more 
information  than  those  turgid  videos  can  deliver.  And  where’s  the  refer¬ 
ence  manual  for  the  customized  tags  that  ProStores  uses?  How  can  you 
pretend  to  be  for  professionals  when  you  have  no  documentation?! 

Many  of  you  wrote  in  recommending  other  tools.  Colin  Quarello  sug¬ 
gested  using  ZenCart,“an  osCommerce  branch  project  that  includes  a  lot 
of  additional  features  out  of  the  box”,  while  Curt  Akin  offered 
LiteCommerce. 

Robert  Thomas  said, “Almost  every ‘solution’ that  I  have  investigated  has 
a  learning  curve  and  does  not  have  all  of  the  desired  features  out  of  the 
box.  Many  add-ons  are  required  to  make  things ‘user  friendly’.” 

Thomas  recommended  CMSimple  and  suggested  the  associated 
Quick  Cart  e-commerce  solution. 

I’ve  been  taking  a  look  at  content-management  systems  and  this  one 
looks  pretty  interesting.  There  may  well  be  a  Gearhead  on  the  topic  in 
the  near  future  so  tell  me  what  you’re  using.  Looks  like  I’ve  got  my  home¬ 
work  cut  out  for  me.  Next  week,  something  different.  Completely 

Gibbs  slaves  over  a  hot  browser  in  Ventura,  Calif.  Send  your  links  and 
thinks  to  gearhead@gibbs.com. 


Everyone’s  got  iPhone  and  Android  envy 

T 


COOLTOOLS 


i  wo  notable  trends  emerged  from  last 
week’s  Mobile  World  Congress  2008  show 
in  Barcelona.  First,  manufacturers  are  com¬ 
ing  out  with  iPhone-like  touch-screen  devices, 
and  second,  everyone  is  eager  to  see  what  the 
Android  phones  will  look  like. 

The  latest  entrant  in  the  “we’re  just  like  an 

_  iPhone”  game  is  a  partnership  between  Sony 

Ericsson  and  Microsoft  with  its  Xperia  XI  device, 
which  runs  the  Windows  Mobile  operating  system  and  features  ad¬ 
vanced  mobile  Web  connectivity  (it  supports  Wi-Fi,  Bluetooth  and  the 
advanced  HSDPA/HSUPA  wireless  networks).  The  3-inch-wide  touch 
screen  has  VGA  resolution,  a  3.2-megapixel  digital  camera,  music  player, 
FM  radio  and  a  full  keyboard  that  slides  out  in  an  arc  from  underneath 
the  display  Sony  Ericsson  said  the  phone  would  be  available  in  the  sec¬ 
ond  half  of  2008. 

Other  touch-screen  models  from  Sony  Ericsson  included  the  G700  and 
G900  models,  which  aim  to  bring  touch-screen  devices  to  the  main¬ 
stream. The  G700  includes  touch-controlled  Notes  applications  that 
allow  users  to  write  and  draw  memos  with  their  fingers,  a  2.4- 
inch  display  and  3.2-megapixel  digital  camera.  The  G900  in¬ 
cludes  a  5-megapixel  digital  camera,  2.4-inch  screen,  em¬ 
bedded  Wi-Fi  for  Internet  access  and  touch-enabled 
media  player.  The  phones  support  the  UMTS 
2100  networks,  and  will  be  available  in  selected 
markets  (European  first,  most  likely)  in  the  sec¬ 
ond  quarter. 

Another  impressive  cell  phone  model  was  Sam¬ 
sung  Electronics’ Soul  phone,  the  latest  model  in  its 
Ultra  edition  series.The  Soul  is  a  slider-type  handset 
with  a  touch  panel  under  the  display  The  panel 


shows  navigation  icons  that  can  change  according  to  the  current  appli¬ 
cation  running  on  the  handset.  For  instance,  when  in  camera  mode  the 
phone  displays  zoom  and  brightness  icons,  with  music-player  icons 
appearing  when  the  phone  is  in  music  mode.  The  GSM-based  handset 
operates  over  HSDPA,  features  Bluetooth  2.0,  has  a  5-megapixel  digital 
camera,  FM  radio  and  Radio  Data  System  support.  The  phone  is  being 
marketed  toward  European  customers  for  availability  in  April. 

While  there  weren’t  any  official  phones  with  the  Google  Android  soft¬ 
ware  platform,  several  chip  manufacturers  were  showing  off  prototypes 
and  proof-of-concept  phones  at  the  show.  Freescale,  Marvell,  NEC  Elec¬ 
tronics,  Qualcomm  and  Texas  Instruments  (TI)  were  showing  off  various 
devices  with  what  an  Android  phone  might  look  like  later  this  year. 

Because  TI  only  makes  chips,  representatives  said  their  prototype  would 
just  be  an  example  of  what  a  finished  Android  phone  could  look  like, 
leaving  development  of  the  hardware  and  software  interface  to  others. 

The  Bluetooth  Special  Interest  Group  (S1G)  announced  it  was  devel¬ 
oping  “a  method  of  radio  substitution”  that  would  let 
Bluetooth  protocols,  profiles,  security  and 
pairing  be  used  in  devices  while  getting 
faster  throughput  from  temporary  use 
of  a  secondary  radio  already  in  the 
device.The  Alternate  MAC/PHY  architec¬ 
ture  will  take  a  two-phased  approach  as 
Bluetooth  SIG  members  drive  the  specifica¬ 
tion  forward,  the  SIG  said.The  goal  would  be 
faster  transfer  of  large-format  data,  such  as 
music  and  video,  over  the  faster  connection 
but  still  utilizing  the  Bluetooth  protocols. 


Sony 
Ericsson’s 
Xperia  XI 


The  IDG  News  Service  contributed  to  this 
report. 
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Whether  you  need  P2V  conversions  for  one-time 


virtualization  implementation  or  for  ongoing 
DR  strategies, Vizioncore  can  set 
you  on  the  right  path. 


vConverter™ 

•  Conversion  directly  to  ESX  Server  host 

•  Quick  setup  &  lightning  fast  conversion 

•  User  friendly  GUI  or  CLI  for  advanced 
level  administrators 

•  Batch  &  Schedule  modes  for  automated, 
remote  conversions 

•  Block-level  cloning  eliminates  risk  of  data  loss 

•  Works  with  leading  virtualization  platforms 

vRanger  Pro  with  P2V-DR™ 
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U.S.  data  centers  rack  up  billions 
in  electricity  costs  annually. 

Get  power  costs  under  control 
before  the  energy  crisis  hits  you. 

BY  CAROLYN  DUFFY  M ARSAN 


Adam  Gray,  CTO  of  Novacoast,  isn’t  respon¬ 
sible  for' the  power  and  cooling  costs  of 
his  company s  two  data  centers,  and  he 
,  isn’t  too  worried  about  the  effect  of  esca- 
i  fating  energy  prices  on  his  IT  opera- 
\  tions.  Novacoast  is  a  Santa  Barbara, 
I  Calif. -based  IT  professional  sendees  firm 
1  with  100  employees  and  17  locations. 

H  “California,  where  our  primary  data  center  is  located, 
S  has  pretty  well  stabilized  power  costs  in  the  last  few 
S  years,  so  we  haven’t  seen  any  big  increases,”  Gray  says. 
“We  have  an  infrastructure  in  place  to  grow  without  having  to  add  a  lot  of 
servers.  [Power  costs]  are  not  a  major  driver  for  us.” 

One  reason  Gray  isn’t  too  worried  about  power  costs  is  that 
Novacoast  recently  finished  a  server  virtualization  effort,  migrating 
from  25  1U  servers  to  two  blade  servers.  Now  Novacoast  can  turn  up 
virtual  servers  in  minutes  to  support  software  development  efforts  for 
its  clients.  Virtualization  also  has  reduced  the  firm’s  monthly  electric 
bill  by  a  few  hundred  dollars. 

Gray  says  he’d  pay  more  attention  to  energy  use  if  his  electric  bill  was 
higher.  That’s  the  reason  he  hasn’t  factored  energy  efficiency  into  his 
ongoing  evaluation  of  servers  from  Dell,  HP  and  IBM. 

“Energy  efficiency  is  not  a  priority  Gray  admits.“Our  priorities  are  sup¬ 
port,  hardware  replacement,  mean  time  between  failures,  cost  and  relia¬ 
bility  The  power  consumption  cost  is  a  very  small  percentage  of  our  IT 
costs.  But  if  we  lost  a  server,  that  would  be  catastrophic.  Energy  efficiency 
is  important,  but  it  doesn’t  make  our  top  five.” 

Gray  is  not  alone.  Most  IT  executives  haven’t  focused  on  their  IT  equip¬ 
ment’s  power  costs,  and  they  aren’t  taking  energy  efficiency  into  account 
when  they  choose  servers,  storage  devices  or  network  gear. 

In  a  recent  survey  of  590  Network  World  readers,  68%  of  respondents 
said  they  were  not  responsible  for  power  bills  related  to  their  data  center’s 
IT  equipment,  and  only  21%  had  established  an  ongoing  dialogue 
between  IT  staff  and  facilities  management  personnel. 

A  majority  of  IT  executives  —  51%  —  don’t  consider  energy  efficiency 
in  IT  product  evaluations,  the  survey  found.  In  addition,  more  than  50%  of 
the  respondents  failed  to  take  the  most  obvious  steps  to  reduce  IT  power 


The  data-center  power  problem  and  you 


The  results  of  a  recent  survey  of  590 
readers  indicate  that  most  IT  profes¬ 
sionals  aren't  fully  aware  yet  of  the 
looming  data-center  power  problem. 
Those  who  are  aware  say  they’re 
taking  basic  steps,  such  as  removing 
unused  servers  and  cabling,  to  make 
their  data  centers  more  energy 
efficient. 


STEPS  TAKEN  TO  REDUCE  II  POWER  CONSUMPTION 


Scouted  out  and  removed  servers 
and  cabling  no  longer  in  use 

Consolidated  physical  servers 
through  virtualization 

Acquired  energy-efficient  IT  gear 


Updated  the  facilities  infrastructure 
for  energy  efficiency 

Established  ongoing  dialogue  between 
IT  and  facilities  management  personnel 

Invested  in  use  of  power- 
management  tools 

Imposed  financial  penalties 


42% 

41% 


21% 
18% 


SOURCE: 

NETWORK  WORLD 
TECHNOLOGY 
OPINION  PANEL: 
WWW.NWWBETOPDOG.COM 


None  of  the  above 


Other 


consumption,  such  as  removing  servers  no 
longer  in  use.The  e-mail  survey  was  conducted 
in  November  2007. 

This  lack  of  interest  in  IT  power  costs 
appears  to  be  changing,  particularly  at 
Internet  companies,  financial  institutions  and 
leading-edge  retailers. 

More  IT  executives  are  coming  to  grips  with 
a  grim  reality:  Data-center  power  and  cooling 
costs  are  the  hidden  enemy  of  IT  depart¬ 
ments.  They  creep  up  on  unsuspecting  CIOs 
like  deadly  mists  and  choke  off  their  ability  to 
deploy  new  equipment  and  applications. 

“If  a  CIO  has  not  had  to  build  a  new  data 
center  recently,  this  is  likely  to  be  a  huge  sur¬ 
prise,”  says  Ken  Brill,  founder  and  executive 
director  of  the  Uptime  Institute,  which  pro¬ 
vides  consulting  services  to  more  than  100 
data-center  operators. 

“Oftentimes,  the  people  who  pay  the  power 
bill  aren’t  in  the  IT  department,  they’re  in  the 
facilities  department. Where  it  shows  up  is  in  the 
capital  cost  for  the  data  centerf  Brill  says.“This  all 
happens  invisibly  until  you  run  out  of  capacity’ 

CIOs  who  get  data-center  power  and  cool¬ 
ing  under  control  can  reduce  IT  operations 
costs  significantly,  bolster  corporate  profits 
and  gain  a  strategic  advantage  over  their 
competitors,  experts  say. 

“There’s  a  huge  opportunity  here.  By  looking 
at  efficiency  and  improving  your  operations, 
you  can  substantially  reduce  the  cost  of  your 
data  center^’  says  Christian  Belady  principal 
power  and  cooling  architect  for  Microsoft’s 
global  foundation  services.  “As  IT  operations 
become  a  bigger  piece  of  the  cost  pie,  how  well 
businesses  manage  their  operations  and  how 
efficiently  they  run  their  data  centers  could  be 
the  difference  between  making  money  and  not 
making  money  between  having  a  lower  cost 
structure  than  competitors  and  beating  them 
on  Wall  Street  or  not,”  he  adds. 

The  data-center  power  problem 

The  cost  of  a  data  center’s  power  and  cooling 
typically  is  more  than  the  cost  of  the  IT  equip¬ 
ment  inside  it,  experts  say.  That’s  because 
today’s  IT  systems  —  including  servers,  routers 
and  network-attached  storage  —  pack  more 
transistors  on  each  chip  and  more  power- 
hungry  chips  in  the  same  or  smaller  footprint. 

“When  you  buy  computer  equipment,  it 
comes  with  an  embedded  level  of  power  con¬ 
sumption,”  the  Uptime  Institute’s  Brill  explains. 
“Let’s  say  you  spend  $10  million  a  year  on  hard¬ 
ware.  The  same  $10  million  that  you  spend 
today  will  bring  with  it  10  to  15  times  the  power 
consumption  it  did  in  2000.” 

Meanwhile,  companies  are  demanding 
more  compute  cycles,  and  that  forces  them  to 
add  servers.  Although  today’s  servers  are 
more  energy  efficient  than  earlier  models, 
improvements  in  energy  efficiency  haven’t 
kept  pace  with  increases  in  computational 
performance,  experts  say. 

Today’s  IT  hardware  requires  more  UPS, 


generator,  air  conditioning  and  power- 
distribution  capacity  than  in  the  past.  That’s 
why  IT  executives  looking  to  deploy  servers 
often  are  surprised  to  find  out  that  they  have 
run  out  of  space,  power  or  cooling  capacity 
in  their  data  centers. 

“The  average  CIO  is  only  marginally  aware  of 
his  electricity  bill  but  is  keenly  aware  of  the 
powering  and  cooling  limitations  in  his  data 
center  facility  says  Carl  Cottuli,vice  president 
of  American  Power  Conversion’s  (APC)  Data 
Center  Science  Center.  “Over  the  last  couple 
years,  this  issue  has  really  come  up  to  the  front 
seat.  It’s  always  been  there,  but  it  was  less  of  a 
concern  than  other  issues  on  an  IT  manager’s 
desk.  Now  it  has  a  direct  impact  on  the  ability 
to  deploy  enterprise-class  servers,  and  it’s  dri¬ 
ving  virtualization  and  consolidation  efforts.” 

CIOs  who  aren’t  managing  their  data-center 
power  and  cooling  capacity  can  get  caught  off¬ 
guard.  “I  have  seen  IT  managers  who  weren’t 
able  to  roll  out  new  equipment  [they  have 


ready  to  plug  in]  because  they  had  no  avail¬ 
able  power  or  cooling,”  Cottuli  says. 

Part  of  the  problem  is  that  most  data-center 
operators  aren’t  measuring  or  tracking  the 
energy  efficiency  of  their  buildings.  The  Green 
Grid,  an  IT  industry  consortium,  has  come  up 
with  two  new  metrics  —  Power  Usage 
Effectiveness  (PUE)  and  Data  Center 
Infrastructure  Efficiency  (DCiE)  —  to  measure 
how  well  a  data  center  manages  the  power  and 
cooling  overhead  required  by  its  IT  equipment. 
At  this  point,  however,  only  a  handful  of  data 
center  operators  use  these  metrics,  experts  say 
(see  “Two  ways  to  measure  power  consump¬ 
tion,”  page  38). 

“You  can’t  improve  it  if  you  don’t  measure  it,” 
Microsoft’s  Belady  says.  “For  years,  I  went 
around  talking  with  various  customers  about 
best  practices.  When  I  visited  them  a  year  later, 
they  hadn’t  changed  a  damn  thing  because 
they  couldn’t  quantify  the  benefits.” 

In  2007,  however,  companies  started  getting 
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pressure  from  boards  of  directors  and  share¬ 
holders  to  reduce  energy  use  and  become 
more  “green.”  As  soon  as  companies  take  a  look 
at  their  electricity  bills,  they  figure  out  that  their 
data  centers  are  their  heaviest  users. 

“The  data  center  consumes  up  to  40  times 
more  power  per  square  foot  than  anything  else 
in  the  asset  portfolio.  When  you  do  an  energy 
audit,  this  is  going  to  jump  out,”  the  Uptime 
Institute’s  Brill  says.  “For  a  large  company,  hun¬ 
dreds  of  millions  of  dollars  could  be  saved  over 
10  years  by  taking  steps  to  make  data  centers 
more  energy  efficient.”  (See “Chill  out:  Five  ways 
to  ease  the  power  problem,”  page  40.) 

The  data-center  power  problem  is  serious 


enough  to  attract  attention  from  policymakers. 
Between  2000  and  2006,  the  amount  of  elec¬ 
tricity  consumed  by  U.S.  data  centers  doubled, 
and  it  is  projected  to  double  again  by 
2011,  according  to  a  U.S.  Environmental 
Protection  Agency  report  (www.nwdocfind 
er.com/3821)  to  Congress  last  summer  on  data¬ 
center  and  server  efficiency  The  EPA  estimates 
that  data  centers  consumed  about  61  billion 
kilowatt-hours  of  electricity  in  2006,  which  cost 
$4.5  billion  and  represents  1.5%  of  the  total  bill 
for  electricity  used  in  the  entire  United  States. 

IT-related  energy  use  is  becoming  a  higher 
priority  for  CIOs  for  two  reasons:  rising  electric¬ 
ity  costs  and  pressure  to  reduce  the  IT  carbon 
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footprint, says  Jack  Pbuchet, 

director  of  energy  initiatives 

at  Leibert,  a  leading  provider  of  data-center 

cooling  systems. 

“If  the  cost  of  electricity  went  down  to  3  cents 
a  kilowatt-hour,  the  cost  concern  goes  away 
Then  it’s  a  question  of  best  practices.  People 
don’t  want  to  waste  money  . . .  and  build  a  data 
center  that’s  twice  as  big  as  they  need  because 
electricity  is  cheap,”  Pouchet  says.  “But  C02  — 
the  green  issue  —  that  is  on  everybody’s  radar. 

That  issue  doesn’t  appear  to  be  going  away” 

Testing  for  energy  efficiency 

Attacking  the  data-center  power  problem 
starts  with  buying  energy-efficient  IT  hardware, 
power  and  cooling  equipment. 

“There  is  energy-efficient  hardware  out  there, 
but  it  costs  more,”  the  Uptime  Institute’s  Brill 
says.  “All  the  manufacturers  tell  us  that  their 
energy-efficient  hardware  isn’t  selling.” 

State  Farm  Life  Insurance  in  Bloomington, Ill., 
is  one  of  the  few  companies  to  take  energy 
efficiency  into  account  when  it  purchases 
servers,  PCs  and  other  network  gear.  The  com¬ 
pany’s  facilities  team  has  set  up  a  laboratory 
run  in  conjunction  with  the  IT  department, 
for  testing  power  consumption  of  all  the  sys¬ 
tems  going  into  its  data  centers.  It  prefers  test¬ 
ing  the  equipment  itself  to  relying  on  vendor- 
provided  energy-efficiency  statistics,  which 
have  proved  inaccurate,  says  Ron  Kalley,  the 
company’s  director  of  facilities.“The  only  way 
for  us  to  figure  out  which  server  or  PC  is  more 
energy  efficient  is  to  put  it  in  our  own  shop 
on  our  network,  and  to  test  that  component  in 
the  way  we’re  going  to  use  it  to  see  what  it 
does  for  us,”  he  says. 

Last  year,  for  example,  State  Farm  tested 
power  supplies  as  part  of  its  procurement  of 
200,000  workstations.  The  company  found 
that  if  it  spent  $15  more  per  workstation  on  a 
more  efficient  power  supply,  it  would  earn 
back  that  investment  in  the  first  year  with 
reduced  energy  costs. 

“We’ve  gotten  folks  to  [understand]  that  if  we 
do  our  due  diligence  and  look  at  the  power 
consumption  of  equipment,  we  can  save 
money  overall,”  Kalley  says.  “Our  workstations 
are  on  a  three-year  rotation,  so  for  years  two 
and  three,  the  power  is  basically  at  no  charge.” 

State  Farm  has  tracked  its  IT  operations 
expenses  since  it  unexpectedly  ran  out  of 
capacity  in  one  of  its  data  centers  in  2004. The 
company  runs  data  centers  in  Bloomington, 
Atlanta,  Dallas  and  Phoenix. 

“In  2004,  we  started  recognizing  the  associ¬ 
ated  costs  of  the  IT  capital  spend,”  Kalley 
explains.“This  was  really  a  catalyst  for  us  to  start 
thinking  more  clearly  about  what  we  needed  to 
do  to  manage  [capital  expenditures  and  oper¬ 
ating  expenditures] .  We  needed  to  get  more 
proactive  at  looking  at  life-cycle  costs.” 

State  Farm’s  initial  focus  was  on  better  man¬ 
aging  data-center  capacity  to  make  sure  it  was¬ 
n’t  caught  flat-footed  again.  Now  the  company 

See  Power  costs,  page  36 
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It's  time  to  move  to  the  future 
with  the  hardware  you've  got. 

When  moving  to  VoIP,  ripping  and 
replacing  used  to  be  the  only  way.  Now, 
it's  the  out-of-date  way.  That's  because 
it's  no  longer  about  hardware. 

It's  actually  about  software. 

Now  you  can  keep  your  hardware — 
your  PBX,  your  gateways,  even  your 
phones.  Simply  move  to  VoIP  with 
software.  Software  that  integrates  with 
Active  Directoryf  Microsoft®Office, 
Microsoft  Exchange  Server,  and  your  PBX. 

Maximize  your  current  PBX 
investment  and  make  it  part  of  your 
new  software-based  VoIP  solution 
from  Microsoft.  You're  much  closer  to 
VoIP  than  you  realize.  Learn  more  at 
microsoft.com/voip 


Your  potential.  Our  passion  * 


Microsoft * 
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continued  from  page  33 

plans  its  data-center  capacity  at  least  24 
months  ahead  of  time  so  the  facilities  team 
can  meet  the  needs  of  the  IT  department. 

“Around  2005, 1U,2U  and  3U  servers  were 
becoming  commodities,  and  people  were 
buying  them  like  M&Ms,”Kalley  says.“lT  folks 
were  buying  as  many  as  they  could  at  the 
lowest  cost,  but  they  weren’t  looking  at  the 
power  supplies.  We  had  to  find  a  way  to 
stem  this  tide.” 

In  its  laboratory,  the  facilities  team  tests 
not  only  the  power  consumption  of  equip¬ 
ment  headed  for  its  data  centers  but  also 
its  performance  and  reliability  Among  the 
equipment  tested  in  the  lab  are  PCs, 
servers,  power  distribution  units,  static 
transfer  switches,  network  equipment  and 
storage  devices.  Still,  measuring  energy 
savings  from  the  test  lab  is  hard,  Kalley 
says. All  the  time  we’re  trying  to  drive  kilo¬ 
watt  consumption  down,  the  price  of  en¬ 
ergy  is  going  up.  I  think  the  benefit  is  in 
cost  avoidance  rather  than  cost  savings.” 

One  advantage  for  State  Farm  in  attacking 
datacenter  power  consumption  is  the  close 
working  relationship  between  facilities  and 
the  IT  department.  The  facilities  group 
shares  the  datacenter  electric  bill  with  the 
IT  group,  and  the  two  partner  on  testing, 
procurement  and  other  activities.  As  direc¬ 
tor  of  facilities,  Kalley  spends  half  his  time 
working  with  the  IT  department. 

“It’s  not  just  energy  consumption.  The 
other  thing  we’re  trying  to  do  [with  the  IT 
department]  is  socialize  the  understanding 
that  capacity  is  not  infinite,”  Kalley  says. 
“We’ve  been  trying  to  manage  our  con¬ 
sumption  to  the  best  of  our  ability  so  we  can 
[wait]  four,  five  or  six  months  before  we 
have  to  spend  multimillion  dollars  on  an 
upgrade  to  one  of  our  facilities.  That’s  the 
cost-avoidance  piece.” 

Companies  that  manage  data  center 
capacity  well  will  end  up  meeting  corporate 
carbon-footprint  requirements,  too,  Kalley 
says.At  State  Farm,  the  energy  spend  for  our 
data  centers  is  25%  of  our  entire  real  estate 
portfolio,”  he  says.  “Everybody  is  talking 
about  going  green.  I’m  just  talking  about 
hard-nosed,  efficient  operations.  If  you  do 
that, you’ll  be  green.” 


need  1,000  watts  of  power  for  your  IT  equip¬ 
ment,  your  data  center  should  require  no 
more  than  2,000W  overall. 

Wachovia,  the  nation’s  fourth-largest  finan¬ 
cial  institution, has  a  high-end  data  center  in 
Birmingham,  Ala.,  that  operates  at  a  PUE  of 
1 ,6.“We’re  in  the  stage  of  designing  new  data 
centers,  and  we’re  trying  to  get  the  PUE 
down  to  1.4,”  says  Bob  Cashner,  senior  vice 
president  of  corporate  real  estate  for 
Wachovia,  in  Charlotte,  N.C.  “Ideally  we 
would  get  that  number  down  to  1. We’re  aim¬ 
ing  for  that.We’re  trying  to  do  things  that  get 
our  PUE  lower  and  lower” 

For  the  Birmingham  facility,  Wachovia 
used  the  most  energy-efficient  UPS  systems, 
generators  and  chillers  available  at  the  time, 
Cashner  says.  “We  look  at  the  lowest  long¬ 
term  owning  and  operating  costs.  You  can 
spend  a  few  more  dollars  on  Day  1  and  do 
things  that  will  save  you  money  long-term.” 

Wachovia  is  using  virtualization  in  the 
data  center  to  reduce  the  number  of  servers 
it  needs, replacing  16  individual  servers  with 
one  virtualized  server. 

For  its  next  data  center,  Wachovia  is  con¬ 
sidering  using  DC  power  for  its  IT  equip¬ 
ment  rather  than  the  traditional  AC.  This 
would  eliminate  the  need  to  deal  with  the 
“transformation  losses  of  the  UPS  systems,” 
Cashner  says. 

One  reason  Wachovia  is  a  leader  in  data¬ 
center  efficiency  is  that  the  facilities  and  IT 
departments  work  closely  together.  “One  of 
the  things  we’ve  done  for  years  is  to  get 
around  the  table  all  the  subject-matter 
experts  —  risk,  security  technology  and  cor¬ 
porate  real  estate  —  so  we  can  come  up 
with  the  best  solution  that  balances  all  the 
different  factors,”  Cashner  says. 

This  relationship  will  be  important  in  the 
future  as  data-center  costs  continue  to  rise. 
For  example,  Wachovia’s  225,000-square- 
foot  Birmingham  building,  which  opened 
in  2006,  cost  $112  million.  If  it  were  to  be 
built  today  the  same  building  would  cost 
$182  million,  Cashner  says. 

“One  of  the  things  Wachovia  has  done 
really  well  is  capacity  planning,”  Cashner 
says.“We  have  a  better  idea  of  what  the  load 
growth  is  in  our  mission-critical  data  centers 
by  having  a  good  pipeline  of  what’s  coming 
down  the  pike  in  the  business  units.This  lets 
you  have  new  data  centers  come  online  just 
in  time.  It  takes  a  good  working  relationship 
among  the  different  stakeholders.” 

Interest  in  data  energy-efficiency  is  at  the 
“highest  levels”  within  Wachovia,  Cashner 
says.  “We  have  a  commitment  from  our 
CEO  on  down  that  we  are  going  to  be  a 
green  organization.  We  have  a  laser-beam 
focus  on  energy  efficiency,  and  we’ve  had 
that  for  a  long  time.” 

The  power  risk  for  CIOs 

Companies  that  don’t  measure  and 
improve  data-center  efficiency  as  Wachovia 

See  Power  costs,  page  38 


Focus  on  metrics 

Data-center  operators  must  start  measur¬ 
ing  and  monitoring  data-center  power  use 
in  real  time,  experts  recommend. 

One  key  measurement  is  The  Green  Grid’s 
PUE,  which  shows  the  ratio  of  the  power 
used  by  a  data  center’s  IT  equipment  to  the 
power  used  by  its  power  and  cooling  sys¬ 
tems.  (DCiE  is  the  reciprocal  of  PUE;  it 
shows  the  amount  of  power  going  to  IT 
equipment  as  a  percentage  of  the  total 
power  going  into  the  building.) 

Data  center  operators  should  aim  for  a 
PUE  of  less  than  2  and  ideally  as  close  to  1 
as  possible,  experts  say  In  other  words,  if  you 


+How  data  centers 
use  power  today 

IT  equipment  consumes 
about  one-third  of  the  elec¬ 
tricity  required  by  a  data 
center.  The  rest  of  the  en¬ 
ergy  overhead  comes  from 
the  associated  power  and 
cooling  infrastructures. 
Here’s  a  typical  breakdown: 


llil 


Lighting: 
Humidifier:  3M. 
Power  distribution  unit: 

Computer  room  air 
conditioning: 


+Why  data  centers 
need  to  go  green 

Data  centers  are  huge  consumers  of 
energy  and  other  raw  materials.  Here's 
a  breakdown  of  typical  consumption 
numbers  for  a  one-megawatt,  high-end 
data  center  over  its  1 0-year  life: 

•  177  million  kilowatt-hours  of  electricity 

•  60  million  gallons  of  water 

•  145,000  lbs.  of  copper 

•  21,000  lbs.  of  lead 

•  33,000  lbs.  of  plastic 

•  73,000  lbs.  of  aluminum 

•  12,000  lbs.  of  solder 

•  377,000  lbs.  of  steel 

•  32  million  kilowatt-hours  of  primary  energy 


Improving  your  power  and  cooling 
infrastructure  can  boost  the  overall 


energy  efficiency  of  your  data  center  by 
25%  to  50%,  experts  say.  These  data¬ 
center  design  elements  will  prove 
advantageous: 

1.  Ultra-high-efficiency  UPS. 

2.  High-voltage  AC  power  distribution. 

3.  Close-coupled  cooling. 

4.  Scalable  power  and  cooling  equipment. 

5.  Power  and  cooling  capacity  planning 
and  management  software. 
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For  you,  it’s  a  problem  you  didn’t  see  coming 

For  your  business,  it’s  a  customer 
you  won’t  see  coming  back. 


You  can  t  anticipate  every  problem.  But  Emerson  Network  Power  and  its 
Liebert  power  and  cooling  technologies  can  help  you  create  an  IT  infrastructure 
that  is  ready  for  anything— unplanned  outages,  unpredictable  growth  or 
unexpected  technologies. 

One  example  is  the  Liebert  NX,  a  software-scalable  UPS  that  can  double  in 
capacity  without  adding  or  modifying  hardware.  Download  our  white  paper, 
Powering  Change  in  the  Data  Center,  and  discover  what  Liebert  technologies 
can  do  for  your  operating  flexibility,  at  flexibility.liebert.com. 
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Liebert  flexibility 

Just  another  reason  why  Emerson  Network  Power  is  the  global  leader 
in  enabling  Business-Critical  Continuity'." 


EMERSON 

Network  Power 


Emerson.  Business-Critical  Continuity  and  Liebert  are  trademarks  of  Emerson  Electric  Co.  or  one  of  its  affiliated  companies.  ©2007  Emerson  Electric  Co. 
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EMERSON.  CONSIDER  IT  SOLVED: 


Power  costs 

continued  from  page  36 

and  State  Farm  have  done  risk  losing  their  competitive  edge,  experts  say 

Companies  that  don’t  improve  data-center  efficiency  are  “going  to 
go  out  of  business  because  the  cost  per  transaction  will  be  prohibi¬ 
tively  expensive  for  them  compared  to  the  competition,”  Liebert’s 
Pouchet  warns. 

Noting  that  the  U.S.  Green  Building  Council  soon  will  be  rating 
data  centers,  Pouchet  predicts  companies  will  be  out  of  favor 
unless  their  data  centers  are  rated  silver,  gold  or  platinum. “People 
will  start  using  data-center  ratings  as  a  metric  to  get  your  business.  In 
one  to  three  years,  this  is  going  to  be  something  on  people’s  business 
cards:  We  run  a  gold-certified  data  center!’ 

The  data-center  power  and  cooling  problem  is  going  to  get  worse 
before  it  gets  better,  experts  say 

The  Uptime  Institute’s  Brill  estimates  that  the  cost  of  providing  power 
and  cooling  to  data-center  equipment  is  now  one  and  a  half  times  the 
cost  of  the  equipment  itself  over  its  lifetime. “I  see  it  growing  to  three 
times  or  four  times,”  he  says.“The  problem  is  that  the  growth  is  invisible 
until  the  data  center  runs  out  of  capacity’ 

CIOs  who  think  they  have  solved  the  data-center  power  and  cool- 


Two  ways  to  measure 
power  consumption 

BY  CAROLYN  DUFFY  MARSAN 


H  wo  metrics  are  emerging  as  industry  stan- 
m  dards  for  measuring  cfata-center  power 
H  consumption:  Power' Usage  Effectiveness 
fJ  and  Data  Center  Infrastructure  Efficiency. 

Hf  Both  metrics  are  backed  by  The  Green  Grid,  an  industry  con¬ 
sortium  formed  last  year  to  develop  standards  for  measuring 
data-center  efficiency  and  productivity  (see  “Where  to  turn  for  advice 
about  power!’  page  42).  These  metrics  are  used  to  compare  the 
amount  of  electricity  the  data  center  consumes  for  power  and  cool¬ 
ing  with  the  amount  of  power  used  by  the  data  center’s  IT  equipment. 

“Site  infrastructure  overhead  is  a  simple  concept,”  says  Ken  Brill, 
founder  and  executive  director  of  the  Uptime  Institute,  which  pro¬ 
vides  consulting  services  to  more  than  100  data-center  operators.“It’s 
easy  to  measure  and  captures  everything.” 

Here’s  how  The  Green  Grid  defines  these  two  metrics  for  measuring 
data-center  infrastructure  overhead: 

1 .  PUE  =  Total  facility  power 

IT  equipment  power 

PUE  is  a  ratio.  It  should  be  less  than  2;  the  closer  to  l,the  better. 

2.  DCiE  =  IT  equipment  power  x  100 

Total  facility  power 

DCiE  is  a  percentage. The  bigger  the  number,  the  better. 

“The  word  about  these  metrics  is  really  getting  out  into  the  commu¬ 
nity’ says  John  Pflueger,  technology  strategist  at  Dell  and  a  member  of 
The  Green  Grid’s  Technical  Committee.These  metrics  have  been  dis¬ 
cussed  in  some  of  our  meetings  in  Europe.  Policymakers  at  the  U.S. 
Environmental  Protection  Agency  and  the  Department  of  Energy  are 
very  aware  of  these  metrics.” 

A  lot  of  work  remains,  however,  to  document  ways  to  collect 
power-consumption  data  and  to  apply  these  metrics  so  they  can  be 
used  to  compare  the  efficiency  of  data  centers  in  different  organi¬ 
zations,  Pflueger  says. 


ing  problem  through  server  virtualization  are 

wrong,  experts  say. Virtualization  is  a  one-time  fix.  It 

can  help  you  delay  dealing  with  data-center  efficiency  but  it  won’t  fix 

the  problem  forever. 

“Virtualization  will  get  energy  costs  below  the  threshold  for  a  while, but 
it  will  pop  up  again,”  Microsoft’s  Belady  says.  “Virtualization  buys  you 
time,  but  after  that  virtualization  won’t  give  you  more  energy  efficiency’ 

Data-center  operators  who  can  figure  out  how  to  eke  out  more  effi¬ 
ciency  from  their  facilities  continually  are  going  to  be  an  asset  to  their 
employers,  experts  say 

“The  efficiency  methodologies  enable  you  to  get  more  compute 
capability  out  of  the  same  kilowatts,”  APC’s  Cottuli  says.  “A  business 
manager  may  need  5,000  transactions  per  second.  If  the  data  center 
manager  can  put  in  some  efficiencies,  such  as  better  cooling  or  virtu¬ 
alization,  and  give  the  business  manager  the  extra  transactions  with 
the  same  amount  of  kilowatts,  that’s  a  win-win.” 

The  data-center  power  and  cooling  problem  “fundamentally 
changes  the  underlying  economics  of  IX’  Brill  says.  “CIOs  who  don’t 
adapt  to  this  new  math  could  make  profound  investment  mistakes.”® 


This  year, The  Green  Grid  will  be  working  on  productivity  metrics.  In 
particular,  the  group  is  interested  in  measuring  the  useful  work  com¬ 
ing  out  of  a  data  center. 

“This  is  something  that  people  have  been  looking  at  in  our  industry 
for  a  while.  It’s  a  hard  problem,”  Pflueger  says.“One  of  the  reasons  why 
this  is  such  a  hard  problem  is  that  what  counts  for  useful  work  at  an 
[Advanced  Micro  Devices]  data  center  might  not  be  the  same  thing 
as  useful  work  in  a  Dell  data  center.” 

The  Green  Grid  ultimately  hopes  to  come  up  with  a  metric  —  like 
miles  per  gallon  for  automobiles  —  for  data  centers. 

“As  our  metrics  evolve,  they’ll  become  more  accurate  and  the  num¬ 
ber  of  things  you’ll  be  able  to  do  with  [them]  will  increase,”  Pflueger 
says.  “You’ll  be  able  to  make  more  finely  granular  decisions  using 
these  metrics.” 

Members  of  The  Green  Grid  predict  their  PUE  and  DCiE  metrics  will 
be  built  into  network  management,  operating-system  and  other  soft¬ 
ware  for  real-time  measuring  and  monitoring.  “It’s  going  to  be  real 
interesting  to  see  who  picks  up  on  our  models  and  figures  out  how  to 
make  a  buck  on  them,”  says  Larry  Vertal,  senior  strategist  at  AMD  and 
a  member  of  The  Green  Grid’s  board  of  directors.  ■ 
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BRIAN  STAUFFER 


Solutions  Collaboration  Delivery  Support  Billing 


Nick  Stafford,  IT  Operations  Manager,  Cabela's 

e.'Xpe.he.rtCleS  the  Stopping  here 


A  partnership 

that  understands 
our  Ausi/ ieSS  needs 


ft'iAib/i s,  /proactive 

Support  that  takes 

otunerShip  <yf  iSSUeS 


With  wildly  popular  destination  stores  and  120  million  catalogs  mailed  yearly,  Cabela’s,  the  world’s  foremost  outfitter  of 
hunting,  fishing,  and  outdoor  gear,  requires  a  steadfast  network  provider  to  service  its  loyal  customers.  Enter  the  superior 
enterprise  networking  experience  of  MASERGY.  Through  a  passionate  dedication  to  the  customer  experience,  our  proven  IP  MPLS 
network  offers  flexible  solutions,  responsive  collaboration,  seamless  global  delivery,  proactive  support  and  simplified  billing. 

And  in  the  case  of  IT  big  gun  Nick  Stafford,  our  “buck  stops  here”  attitude  may  be  his  rarest  trophy  of  all. 
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Experience  MASERGY 
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1.866. MASERGY  |  masergy.com 
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Five  ways  to  ease  the  power  problem 


BY  DENI  CONNOR 


utting  back  on  the  amount  of  power  a  data  center  con- 


lYP  Mission  Critical  Facilities,  a  data  center 
consultancy  says:  “If  you  are  not  looking  at  your  data 
center  from  the  utility  input  down  to  the  chip,  and 
then  back  to  the  power  and  cooling,  you  are  missin 
the  target.”  These  five  tips  —  some  ror  the  here  arr 
now  and  others  for  longer-term  strategizing  —  will 
help  you  curb  power  use  in  the  data  center. 


1.  Don’t  overlook  the  obvious 

Seal  holes  in  the  raised  floor  left  by  equip¬ 
ment  that’s  been  moved  or  uninstalled.  Install 
blanking  plates  in  empty  portions  of  racks 
where  network  gear  or  servers  ordinarily 
would  go.  Relocate  perforated  floor  tiles  from 
hot  to  cool  aisles.  Enable  the  energy-saving 
features  of  servers  and  computers.  If  possible, 
turn  off  the  lights  in  the  data  center. 

Such  efforts  can  help  offset  rising  utility 
rates,  users  say.  Facing  rising  rates,  “we 
replaced  our  old  monitors  with  Dell  Energy 
Smart  LCDs;  we  turned  on  all  the  energy¬ 
saving  technologies  in  the  PCs  that  power 
down  drives  and  put  them  in  sleep  mode; 
[we  changed  out]  any  printer  that  didn’t 
support  power-save  functions,”  says  Tim 
Sander,  vice  president  of  IT  at  Applied 
Systems,  an  insurance-agency  management- 
systems  company  in  University  Park,  Ill. 

Carmine  Iannace,  IT  director  for  The  Brattle 
Group,  a  business  consulting  firm  in 
Cambridge,  Mass.,  says  he  has  done  likewise. 
“We’ve  used  blanking  plates  in  our  empty 
racks  to  direct  airflow.  We  move  around 
servers  to  balance  the  cooling  load  in  the 
data  center.  In  addition,  we  keep  an  eye  on  the 
servers  that  are  in  development  —  if  they  are 
not  in  use,  they  get  shut  down.”  Iannace  also 
uses  the  energy-saving  features  of  desktops 
and  laptops,  plus  he  mandates  that  employees 
shut  down  their  computers  at  the  end  of  the 
workday  to  save  electricity  Further,  he  turns 
out  the  lights  in  the  data  center  when  no  one 
is  working  there. 


Agency  efficiency  report.  Focus  especially 
on  x86-based  industry-standard  servers;  they 
consume  33%  of  the  entire  data  center 
power  budget.  For  example,  make  sure  your 
systems  vendors  are  not  “over-spec-ing” 
power  supplies  or  using  high-wattage  fans 
unnecessarily  says  Colette  LaForce.vice  presi¬ 
dent  of  marketing  for  Rackable  Systems,  an 
x86  server  maker.  She  recommends  looking  at 
systems  that  have  at  least  90%-efficient  power 
supplies,  which  conserve  more  power  and 
waste  less  heat  than  less-efficient  models. 

At  Brattle,  Iannace  has  outfitted  all  servers 
to  run  off  of  208-volt  power  instead  of  120- 
volt  power,  so  the  power  supplies  within  the 
servers  themselves  are  more  energy  effi¬ 
cient.  He  also  upgraded  the  core  Cisco  net¬ 
work  switch  to  208-volt  power.  In  addition, 
Iannace  has  incorporated  multicore  servers 
and  consolidated  through  virtualization.  The 
result  has  been  a  50%  reduction  in  cooling 
requirements,  he  says. 


power  to  the 
rack  instead  of  hav¬ 
ing  separate  AC  power  inside  each 
server;”  Rackable  Systems’  LaForce  says.  “DC 
supplies  are  far  more  powerful,  efficient  and 
have  far  fewer  parts  in  them,  making  them 
less  failure  prone.  Putting  them  in  the  system 
and  then  bringing  DC  power  to  the  rack  can 
save  10%  to  30%  immediately”  in  your  power 
costs.  Most  server  manufacturers  offer  a  DC 
power  option. 


2.  Energy-spec  your  servers 

Pay  attention  to  the  type  of  IT  equipment 
you  buy  because  it  consumes  50%  of  the 
power  used  by  the  data  center,  according  to 
a  recent  U.S.  Environmental  Protection 


3.  Consolidate  and  virtualize 

Tyler  Kilian,  supervisor  of  network  systems 
for  UniSource  Energy  in  Tucson,  Ariz.,  also 
points  out  the  benefits  of  consolidation  and 
virtualization,  With  physical  servers,  “we 
started  running  into  constraints  across  the 
board  —  both  in  power  and  cooling,”  he  says. 
“We  are  now  at  80%  utilization  of  our  power 
infrastructure  through  virtualization  —  best 
practices  for  the  industry  say  we  are  full  at 
80%. We’ve  been  able  to  maintain  that  80%  for 
the  past  several  years  even  though  we’ve 
increased  our  server  resources  dramatically’ 


4.  Take  DC  power 
to  the  rack  and  back 

Reprovisioning  a  data  center  with  DC  power 
takes  long-term  planning.  “You  can  add  DC 


5.  Modify  cooling 
and  power  systems 

Another  way  to  reduce  power  consump¬ 
tion  in  the  data  center  is  to  reengineer  the 
chilling  system. That  would  involve  installing 
chillers  with  variable-speed  fans,  running 
chillers  at  higher-than-normal  temperatures 
and  using  free  cooling  where  available. 

“We  are  looking  at  having  a  more  man¬ 
aged  cooling  and  energy  infrastructure  — 
things  we  can  track  more  specifically” 
UniSource  Energy’s  Kilian  says.  “We  are 
changing  our  cooling  strategy  to  in-row  sys¬ 
tems  that  . . .  will  be  able  to  adjust  for  the 
proper  amount  of  cooling  in  the  row.  In  areas 
with  lower  server  densities,  we  will  be  able 
to  turn  the  fans  down  to  consume  less 
power  and  [vice  versa] .” 

Adjusting  chillers  to  run  at  higher  temper¬ 
atures  also  can  save  money,  EYP’s  Godrich 
says.“If  you  can  run  a  chiller  at  10%  higher, 
you  won’t  see  any  delta  peak  for  your 
servers.” 

Godrich  also  says  IT  should  take  advan¬ 
tage  of  geography.  Colder  climates,  for  exam¬ 
ple,  could  provide  a  cost  advantage  in  that 
cooling  down  air  conditioners  with  ambient 
cool  air  or  ice  might  be  possible. 


Connor  is  principal  analyst  for  Storage 
Strategies  Now.  She  can  be  reached  at  dcon 
nor@ssg-now.  com. 


□uni  More  tips  for  reducing  power  load  >  Don't  forget  the  network  and  storage  gear:  www.nwdocfinder.com/3830  >  Data-center  cooling  expert  Don  Beaty  weighs  in:  www.nwdocfinder.com/3826 
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Top-to-Bottom  Reporting 


67%  Bandwidth  Usage 
reported  company  wide 


Top-Floor  Reports,  First-Floor  Detail. 

Report  network  wide  without  sacrificing  granularity,  with  the  new 
Observer  Reporting  Server.  Report  by  department  or  function  to  see  how 
problems  impact  your  business.  Plan  better  with  custom  reports  and 
trending.  Drill  into  individual  links  or  user  data  and  interface  flawlessly  with 
Observer*  and  GigaStor™  for  back-in-time  analysis  and  rapid  resolution. 
Enterprise-wide  reporting  with  drill-down  detail:  now  you  can  have  it  both  ways. 

|®  Don't  just  report:  Resolve. 


NETWORK 

INSTRUMENTS 


For  more  information,  call  800-526-5958 
www.Networklnstruments.com/resolve 


©  2007  Network  Instruments,  LLC.  All  rights  reserved.  Network  Instruments,  Observer,  GigaStor,  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 


Where  to  turn  for  advice  about  power 


Get  a 
and 


on  your  IT  power  consumption  with  metrics 
rom  these  data  center  experts 


BY  JOANNE  CUMMINGS 


The  Green  Grid 

FOUNDED:  February  2006 

PURPOSE:  Formed  to  build  metrics  and  provide 
better  communications  among  data-center  facili¬ 
ties  and  IT  staffs,  so  that  the  people  who  pay  the 
power  bills  (facilities)  can  work  with  the  people 
who  generate  them  (IT). 

KEY  VENDOR  PARTICIPANTS:  Advanced  Micro  Devices, 

American  Power  Conversion,  Dell,  HP  IBM,  Intel, 

Microsoft,  Rackable  Systems,  SprayCool,  Sun  and 
VMware. 

ENTERPRISE  PARTICIPATION:  AllState  Insurance,  British 
Telecom,  Digital  Realty  Trust,  Enterprise  Rent-A- 
Car,  News  Corp.,  University  of  California  San 
Diego  and  the  Uptime  Institute. 

WORK  TO  DATE:  Offers  the  Power  Usage  Effectiveness  (PUE)  and  Data  Center 
Infrastructure  Efficiency  (DCiE)  metrics  for  tracking  data-center  power  consumption. 

FUTURE  WORK:  Will  provide  workload-specific  IT  productivity  metrics  with  the  aim 
of  enabling  better  planning  and  tracking  of  overall  data-center  power  consump- 
tion.These  metrics,  for  use  with  PUE  and  DCiE,  should  begin  to  appear  next  year. 

APPLICABILITY  SCORECARD:  A-.The  group  has  produced  workable  metrics  and  has 
key  partnerships  across  the  board  with  the  U.S.  Department  of  Energy  (DoE), 
such  groups  as  the  Storage  Networking  Industry  Association’s  (SNIA)  Green 
Storage  Initiative,  and  key  enterprise  users.  One  caveat:  The  Green  Grid  takes  a 
broad  look  at  the  data  center  as  a  whole,  and  the  result  could  be  slowly  evolv¬ 
ing,  less  specific  guidelines. 

SNIA’s  Green  Storage  Initiative 

FOUNDED:  October  2007 

PURPOSE:  Focused  on  data-center  storage  issues,  the  group’s  goals  are  to  evan¬ 
gelize  the  need  for  power  efficiency  in  storage  and  to  produce  power-efficiency 
metrics  for  data-center  storage  hardware,  such  as  arrays  and  switches. 

KEY  VENDOR  PARTICIPANTS:  Brocade  Communications,  CA,  Cisco,  Dell,  EMC,  HR 
Hitachi,  IBM,  Intel,  LSI,  Microsoft,  Network  Appliance,  Oracle,  QLogic,  Seagate 
Technology  Sun  and  Symantec. 

ENTERPRISE  PARTICIPATION:  Primarily  vendors,  although  some  nonprofits  and 
small  enterprises  hold  nonvoting  positions.  A  sample  includes  the  Arizona 
Department  of  Transportation,  Hudson’s  Bay  Co.  and  Nielsen  Media  Group. 

WORK  TO  DATE:  Technical  working  groups  are  building  storage  metrics  for  array 
capacity  (watts  per  gigabyte  of  storage),  switch  efficiency  (watts  per  gigabit  of 
bandwidth)  and  server  I/O  (watts  per  number  of  operations).  SNIA  is  planning 
a  series  of  plugfests  this  spring  to  collect  storage-power  data  from  various  data 
center  environments.  Initial  metrics  are  expected  by  year-end. 

FUTURE  WORK:  Once  the  metrics  are  built, SNIA  will  hand  them  off  to  enterprises 
and  larger  programs  to  use  in  developing  data-center  power  metrics.  Potential 
recipients  include  The  Green  Grid  and  the  Energy  Star  program  run  by  the  U.S. 
Environmental  Protection  Agency  (EPA)  and  the  DoE. 

APPLICABILITY  SCORECARD:  B-.The  group’s  focus  on  storage  is  a  plus,  because  stor¬ 
age  this  year  is  set  to  overtake  servers  in  data-center  power  consumption,  IDC 
says.  Still,  it  is  vendor-run,  expensive  to  join  ($2,500  for  nonvoting  members,  in 
addition  to  SNIA  membership  dues)  and  slow  moving. 

The  Green  Data  Project 

FOUNDED:  September  2007 

PURPOSE:  Focuses  on  storage  from  a  software  standpoint.The  group  intends  to 
evangelize  data-management  best  practices,  including  use  of  e-mail-  and  data¬ 


base-archiving  software,  to  reduce 
overall  storage  needs  and  thus 
power  consumption. 

KEY  VENDOR  PARTICIPANTS:  C2C 
Systems,  CA,  Caringo,  Clearview 
Software,  Data  Islandia,  Data  Man¬ 
agement  Institute,  FileTek,  JPR 
Communications,  KOM  Networks, 
Plasmon,  Qstar  Technologies,  Toigo 
Partners,  TPI  Technologies  and 
Zerowait. 

ENTERPRISE  PARTICIPATION:  American 
International  Group,  Family  Dollar 
Stores,  FedEx,  Mars  and  the  county 
of  Santa  Clara,  Calif.,  among  others. 

WORK  TO  DATE:  White  papers, some  best  practices  reports,  and 
ongoing  dialogue  via  the  Drunkendata.com  blog. 

FUTURE  WORK:  Planning  a  free  Compliance,  Carbon  foot¬ 
print  reduction,  Cost  savings  and  Continuity  (C4)  summit 
in  Tampa,  Fla.,  this  spring  aimed  at  getting  members 
together  to  discuss  data-management  strategies  within 
vertical  industries.  Eventually,  the  project  will  publish  a 
series  of  vertical-focused  best  practices  guides  for  data 
management. 

APPLICABILITY  SCORECARD:  B.  Focus  on  cleaning  up  storage 
practices  will  make  hardware  initiatives  more  efficient.  The 
group  has  good  enterprise  representation  among  its  5,000 
members  to  date,  with  no  cost  to  join.The  jury  is  out  on  how 
big  an  impact  cleaner  data  management  will  have  on  the 
overall  power  problem. 

The  EPA’s  Energy  Star  Program 

FOUNDED:  Energy  Star  began  in  1992  as  an  energy-efficiency 
labeling  program  primarily  for  consumer  products.  In  August 
2007,  the  EPA  released  a  study  on  data-center  power  con¬ 
sumption,  which  found  that  data  centers  consume  1.5%  of 
total  U.S.  electricity 

PURPOSE:  Create  Energy  Star  ratings  for  data  centers. 

KEY  VENDOR  PARTICIPANTS:  Vendor  sponsors  for  recent  stake¬ 
holder  discussions  included  APC,  Emerson  Network  Power, 
HRIntel,  SprayCool  and  VMware. 

ENTERPRISE  PARTICIPATION:  Primarily  a  government-run  pro¬ 
gram,  although  recent  meetings  drew  attendees  from  eBay 
Pacific  Gas  &  Electric  and  Wells  Fargo  Bank. 

WORK  TO  DATE:  Released  report  findings.  Along  with  The 
Green  Grid  and  other  groups,  the  EPA  is  developing  energy- 
efficiency  specifications  for  data-center  equipment. 

FUTURE  WORK:  Will  build  an  Energy  Star  benchmark  for  data 
centers  that  reflects  whole-building  operations,  but  has  not 
nailed  down  when  it  will  be  available. 

APPLICABILITY  SCORECARD:  B+.  Should  provide  vendor-neutral 
energy-efficiency  benchmarks  any  enterprise  could  use. 
Has  a  strong  partnership  with  industry  including  The  Green 
Grid.  Still,  it’s  a  government-run  program  that  moves  slowly. 

Cummings  is  a  freelance  writer  in  North  Andover,  Mass. 
She  can  be  reached  at  jocummings@comcast.net. 


ONLINE 


>  Simple-to-use  tools  for  measuring  your  data  center's  energy  efficiency;  www, nwdocfinder.com/3822 


42  •  FEBRUARY  18,  2008  •  WWW.NtTW0RKW0RLD.C0M/SUPP/  2  0  0  8  /NDC1/ 


Protect  your  latest  IT  investments  with  the  latest  UPS. 


A  battery  warning  from  your  partner  in  reliability 

When  you  bought  your  APC  UPS,  you  chose  it,  and  us,  for  our 
legendary  reliability... because  you  wanted  the  best  product 
available.  So  as  the  industry  leader  and  your  chosen  partner,  it's 
our  job  to  inform  you  that  an  aging  UPS  battery  puts  your  network 
reliability  and  your  peace  of  mind  at  risk.  If  you  are  converging 
and  consolidating  your  networks,  upgrading  your  equipment, 
or  deploying  new  servers,  be  warned:  an  older  UPS  simply  cannot 
handle  the  increased  loads  and  criticality  —  putting  your  entire 
network  at  risk  of  costly  downtime,  unsafe  shutdowns,  and  data 
and  equipment  loss. 


Luckily,  there  is  a  simple  solution  for  renewed  peace 
of  mind  — APC Trade-UPS.  With  the Trade-UPS  program,  you 
can  trade  in  your  aging  UPS  for  a  new  unit  and  receive  a  35% 
discount  on  your  new  purchase,  plus  more  runtime  and  enhanced 
manageability  of  networked  power  and  cooling.  Not  only  will  you 
see  improvement  in  performance,  you'll  also  see  improvements 
in  your  utility  bill. 


So  if  you  love  your  UPS  reliability,  make  it  last  forever.  Don't 
wait  for  your  aging  UPS  to  fail  you  — Trade  UP  today. 


Three  easy  steps  to 
improved  power  protection. 

You  can  get  the  latest  in  UPS  technology,  at 
35%  off,  with  the  APC  Trade-UPS  program. 

Step  1  :  Tell  us  what  you  have 

•  manufacturer/model 

•  serial  number 

•  capacity  in  volt/amps  (VA) 

•  number  of  units 

Step  2:  Choose  what's  best  for  you  by 

•  price 

•  features 

•  capacity 

Step  3:  Checkout 

•  get  up  to  35%  off  the  price  of  each  new  UPS 

•  new  2  year  warranty 

•  FREE  return  shipping  of  old  units 

•  FREE  environmentally  friendly  disposal  of 

your  old  UPS  „  .  „t__, 

_ _ Trade-UPS 

APC  also  provides  upgrade  options  and  battery 
replacement  solutions  for  both  in-warranty  and 
out-of-warranty  UPS  products.  Visit  www.apc. 
com/tools/upgrade  for  more  information. 


ivade-jps  Upgrade  today  and  save!  JUPC 

Visit  APC  online  and  receive  up  to  35%  off  the  latest  in  UPS  technology.  Legendary  Reliability® 

Visit  www.apc.com/promo  Key  Code  a736w  •  Call  888.289.APCC  x9416  •  Fax  401.788.2797 


©2008  American  Power  Conversion  Corporation  and  MGE  UPS  Systems,  Inc.  All  rights  reserved.  All  APC  trademarks  are  property  of  APC-MGE. 
e-mail:  esuppon@apc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA 
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units  to  cool  them  down 
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3) 

APC  in-row  units 
pump  out  cold  air, 
which  is  then  drawn 
in  through  the  front  of 
the  server  racks. 


4) 

These  units  house 
the  uninterruptible 
power  supply  and 
backup  battery. 


INSIDE  AN  ENERGY- 

EFFICIENT  DATA  CENTER 

Using  in-row  cooling  units  rather  than  traditional  computer-room 
air  conditioners,  Bryant  University  has  been  able  to  increase  server 
density  while  reducing  power  costs. 


i] 

Bryant  uses  IBM 
BladeCenter  servers, 
It  has,  so  far,  filled 
four  of  the  available 
racks  with  about  35 
blades  per  rack. 


2) 

Bryant  uses  a 
hot-aisle/cold-aisle 
layout.  APC  in-row 
cooling  units  draw  in 
hot  air  exhausted  from 
the  back  of  server 
racks. 
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SERIES 


hen  Bryant  University  wraps  up  its  proof-of-concept  analysis  of  its 
new  data  center  —  a  next-generation,  blade-server-based  computing 
facility  with  in-row  cooling  —  it  anticipates  no  surprises.  The  school 
expects  to  see  energy  savings  of  about  20%,  or  as  much  as  $20,000  a 
year,  compared  with  its  old  setup. That’s  what  the  results  of  the  analy¬ 
sis,  expected  out  within  weeks,  should  show,  says  Richard  Siedzik, 
Bryant’s  director  of  computing  and  telecommunications  services. 

Bryant  is  working  with  its  primary  vendors,  IBM  and  American  Power 
Conversion  (APC),  to  document  the  efficiency  of  the  new  data  center’s 
computing  and  energy  infrastructures.  In  December,  it  installed  IBM’s 
recently  updated  Systems  Director  Active  Energy  Manager  software  to  determine  specific  en¬ 
ergy  savings. With  the  software, Bryant  can  monitor  energy  use, and  with  that  data  determine  the 
best  way  to  deploy  workloads  or  cap  power  use  to  prevent  cost  overruns. 

Bryant,  a  private  school  in  Smithfield,  R.I.,  powered  up  the  $900,000  data  center  last  May. 
Representing  the  latest  in  modular  design,  the  data  center  lets  Bryant  add  server, storage  and 
network  capacity  as  needed. That  sort  of  dynamic  capability  is  the  hallmark  of  today’s  uni¬ 
versities.  As  elsewhere,  the  3,600  Bryant  students  come  predominantly  from  the  Internet  and 
cell-phone  generation  —  now  they’re  all  into  social  networking  through  MySpace,  Facebook 
and  the  like,  too. 

“Every  time  students  come  back  from  semester  break,  they  come  back  with  more  and 
more  mobile  devices,”  Siedzik  says. 

The  new  data  center  is  helping  IT  keep  up  with  the  crazy  demand  —  while  maintaining 
highly  efficient  computing  and  power  infrastructures. 


Bogged  down  by  inefficiencies 

Bryant’s  IT  department  provides  each  student  with  a  laptop  computer  and  has  made 
wireless  Internet  access  available  throughout  the  420-acre  campus.  Bryant  also  has 
converted  to  an  IP-based  campus  telephone  system;  in  the  wake  of  last  year’s 
fatal  shooting  rampage  at  Virginia  Tech,  it  also  set  up  an  IP-based  emer¬ 
gency  notification  system. 

As  computing  demand  surged  from  such  initiatives  as  these,  Bryant’s 
infrastructure  —  servers  scattered  about  in  various  campus  build¬ 
ings  —  became  increasingly  inadequate.  “We  spent  most  of 
our  time  managing  around  our  shortfalls  and  our  ineffi¬ 
ciencies,”  Siedzik  says. 

Consolidating  IT  resources  in  a  new  data 
center  made  good  sense,  but  one  chal¬ 
lenge  loomed:  The  ceiling  heights  at 
available  campus  sites 
were  too  low  for 
a  traditional  layout 
of  servers  and  stor¬ 
age  with  a 


floor  and  a  plenum  beneath  for  cabling  and  air 
circulation.  Among  all  participants,  only  IBM 
submitted  a  design  taking  this  limitation  into 
account, Siedzik  says. 

IBM’s  design  features  BladeCenter  servers 
and  in-row  cooling  in  which  APC  cooling  units 
are  placed  between  racks  of  servers  (see 
graphic).  In-row  cooling  differs  from  the  more 
traditional  approach  of  placing  computer 
room  air  conditioners  (CRAC)  around  a  data 
center.  The  problem  with  the  CRAC  approach, 
Siedzik  says,  is  that  sometimes  the  units  work  at 
cross  purposes  —  one  unit  might  be  cooling 
the  air  while  a  second  dehumidifies  it  and  a 
third  humidifies  it. 

By  comparison,  an  in-row  unit  provides  “pre¬ 
cision  cooling.”  If  the  server  next  to  it  heats  up 
during  operations,  the  in-row  cooling  unit 
cranks  out  cooler  air,  then  dials  down  when  the 
server  slows  down.“If  more  cooling  is  called  for 
in  a  rack,  only  those  cooling  units  within  that 
row  ramp  up.  They’re  independent,  and  very 
precise,”  Siedzik  says. 

Precision  cooling  was  particularly  important 
because  of  the  blade  servers,  he  adds.  Their 
compact  design,  compared  with  traditional 
rack  servers,  means  there’s  less  space  inside  a 
server  for  airflow  and  more  heat  is  generated. 

More  power,  better  efficiencies 

By  replacing  older  servers  scattered  around 
campus  with  new  blades  matched  with  in-row 
cooling,  Bryant  added  processing  power  while 
reducing  energy  use.  Siedzik  estimates  that  the 
university’s  old,  decentralized  system  drew 
about  60  to  70  kilowatts  of  power  altogether. 
The  new  500-square-foot  data  center  is  de¬ 
signed  to  provide  as  much  as  60  kW  but  for 
now  consumes  43  k\V  which  means  there  is 
room  to  grow  and  still  be  energy  efficient. 

Aside  from  the  new  data  center,  Bryant 
already  had  adopted  virtualization,  which  lets 
it  increase  server  utilization  rates  and  reduce 
the  total  number  of  servers  needed.  Server 
utilization  has  grown  from  roughly  10%  to 
about  55%,  which  itself  is  a  form  of  energy 
savings,  Siedzik  says.  He  also  estimates  that 
standardizing  on  operating  systems  and  soft¬ 
ware  applications,  as  well  as  other  efficien¬ 
cies,  has  reduced  operational  expenses  by 
about  30%  from  before  the  upgrade. 

Siedzik  is  confident  that  the  numbers  will 
show  Bryant’s  project  was  a  sound  invest¬ 
ment  for  the  school  and  its  students,  faculty 
and  parents.  “I  think  directly  they  benefit 
because  we  can  reduce  our  overall  costs,  and 
that  impacts  students,”  he  says.“Indirectly  we 
are  more  environmentally  responsible  and 
we  can  provision  more  quickly  as  demand 
[grows]  for  more  computer  services." 

After  all,  another  semester  has  just  started. 

Mullins  is  a  technology  writer  in  Santa  Clara, 
Calif.  He  can  be  reached  at  rjmullins5@com 
cast.net. 
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he  “No  Power  Struggles 
Project”  sounds  Tike 
some  utopian  political 
system  where  different 
factions  work  for  the 
common  good.  In  fact, 
it’s  the  name  an  HP 
researcher  gives  to  his 
dream  of  a  harmo¬ 
nious  data  center. 


Researcher  Parthasarathy  Ranganathan 
foretells  a  future  in  which  power  manage¬ 
ment  features  will  be  built  into  the  processor, 
memoryserver.software  and  cooling  systems. 
Coordination  will  be  paramount.  “What  hap¬ 
pens  if  you  turn  all  these  elements  on  at  the 
same  time?”  the  principal  research  scientist  at 
HP  Labs  asks.  “How  do  I  make  sure  that  the 
system  doesn’t  explode?” 

Power  management  systems  will  have  to 
operate  holistically  without  one  component 
conflicting  with  another,  Ranganathan  says. 

Ranganathan  is  just  one  of  many 
researchers  at  the  tech  industry’s  biggest  labs 
looking  beyond  virtualization,  multicore 
processors  and  other  established  technolo¬ 
gies  to  see  how  future  data  centers  will  handle 
increasing  demands  for  processing  capability 
and  energy  efficiency  while  simplifying  IT. 
Another  is  Laura  Anderson,  IS  manager  at 
IBM’s  Almaden  Research  Center.“I  think  we’re 
on  the  cusp  of  another  revolution,”  she  says. 
“We’re  talking  about  doing  something  to  sim¬ 
plify  and  integrate  these  things  in  a  way  so 
that  mere  mortals  can  manage  them.” 


Cloud  computing 

Cloud  computing,  one  approach  Almaden 
researchers  are  pursuing,  already  has  mani¬ 
fested  itself  in  the  Blue  Cloud  initiative  IBM 
launched  three  months  ago.  Under  the  Blue 
Cloud  architecture,  enterprises  can  get 
Internet-like  access  to  processing  capacity 
from  a  large  number  of  servers,  physical  and 
virtual.  By  not  having  to  add  machines  locally, 
enterprises  save  on  the  cost  of  powering  up 
and  outfitting  new  computing  facilities.  Cloud 
computing  also  could  help  reduce  ongoing 
energy  consumption,  because  enterprises  will 
not  need  to  accommodate  capacity  they  will 
not  use  all  the  time. 

This  spring  IBM  will  take  the  concept  further, 
offering  BladeCenter  servers  with  power  and 
x86  processors,  and  service  management  soft¬ 
ware  —  a  “‘Cloud  in  a  Box’  so  to  speak,”  says 


“We  shifted  away  from  [liquid  cooling]  technology, 

but  it’s  coming  back”  as  a  good  alternative  to  air  conditioning. 

-TOMMY  M  INYARD,  assistant  director  of  advanced  computing  systems,  the  Texas  Advanced  Computing  Center 


Dennis  Quan,  senior  technical  staff  member 
at  IBM’s  Silicon  Valley  Lab. 

Cloud  computing  will  mature  in  coming 
years  as  enterprises  increasingly  turn  to  IT  to 
serve  their  markets,  Quan  says.  Certainly  Web 
2.0  sites  posting  user-generated  content  will 
proliferate,  driving  the  need  for  cloud  com¬ 
puting.  But  demand  will  come  from  main¬ 
stream  enterprises,  too.  “Financial  services 
firms  are  saying, ‘We’ve  run  out  of  space  . .  .so 
what  can  we  do?”’ he  says.“They  need  to  have 
a  compute  infrastructure  that’s  scalable.” 

Liquid  cooling 

Liquid  cooling,  once  featured  in  IBM  main¬ 
frames  and  Cray  supercomputers,  may  be 
returning  to  data  centers  as  an  alternative  to 
air  conditioning,  says  Tommy  Minyard,  assis¬ 
tant  director  of  advanced  computing  systems 
at  the  Texas  Advanced  Computing  Center  at 
the  University  of  Texas  at  Austin. 

In  a  white  paper,  data-center  solutions 
provider  42U  describes  a  variety  of  liquid¬ 
cooling  approaches  under  development.They 
include  modular  liquid-cooling  units  placed 
between  racks  of  servers;  a  new  door  at  the 
back  of  a  server  rack  with  tubes  flowing  with 
chilled  water;  and  server  racks  with  integrated 
power  supply,  distribution  and  liquid  cooling. 

Sun  Labs  is  researching  liquid  cooling  but  is 


looking  for  an  environmentally  correct  alter¬ 
native  to  Freon, says  Ali  Alasti.vice  president  of 
engineering  of  the  systems  group  at  Sun  Labs. 

“You’re  going  to  see  a  lot  more  of  [liquid 
cooling]  in  the  next  five  years,  but  [in  a  form] 
that  is  a  little  more  friendly  to  the  idea  that  we 
don’t  want  people  choking  on  some  gas  that 
may  be  dangerous  to  them,”Alasti  says. 

Computing  without  wires 

Sun  Labs  is  looking  at  a  way  to  eliminate 
copper  from  processors  with  what  it  calls 
“proximity  communication.”  Signals  now  are 
sent  from  one  chip  to  another  with  copper 
wire.  With  proximity  communication,  proces¬ 
sor  dies  touch  one  another  directly  eliminat¬ 
ing  the  need  for  wiring.“The  basic  principle  is 
to  use  capacitor  coupling  directly  on  the  die 
to  transfer  data  from  one  chip  to  another 
chip,”  says  Hans  Eberle,  a  distinguished  engi¬ 
neer  at  Sun  Labs. 

The  technology  is  a  couple  of  years  away 
from  being  used  in  a  product,  Eberle  says.  But 
once  in  use,  the  result  would  be  a  hundred¬ 
fold  increase  in  I/O  density  and  lower  power 
consumption. 

Mullins  is  a  technology  writer  in  Santa  Clara, 
Calif.  He  can  be  reached  at  rjmullins5@com 
cast.net. 
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Comcast,  serving 

Consider  this  statement:  “Critical  decisions 
should  not  be  based  on  the  demands  of 
the  vocal  minority  ...  but  on  what  is  need¬ 
ed  to  serve  the  best  interests  of  all  Internet 
users.”This  laudable  statement  is  from  Com¬ 
cast’s  response  to  the  public  notices  issued  by 
the  FCC’s  Competition  Bureau  on  Jan.  13. 

The  reason  for  the  notices  and  Comcast’s 
response  was  thatVuze,a  company  that  uses 
peer-to-peer  (P2P)  technology  to  distribute  movies,  alleged  its  service 
was  being  intentionally  degraded  by  Comcast.  Comcast’s  tedious  and 
lengthy  response  confirms  that  the  ISP  was,  in  fact,  doing  just  that. 

So  why  would  Comcast  mess  with  Vuze’s  service  or  any  other  traffic? 
According  to  an  ArsTechnica  article, “In  the  Comcast  network,  each 
node  typically  serves  450  households,  but  when  as  few  as  15  P2P 
BitTorrent  upload  sessions  are  running  concurrently,  all  450  homes  can 
see  their  network  access  impeded  enough  to  be  noticeable. 

To  deal  with  Vuze  and  other  P2P  services,  Comcast  was  throttling  back 
P2P  traffic  to  minimize  potential  network  disruption.  Like  the  other  big 
ISPs,  Comcast  makes  no  service-level  commitment  to  consumers  so 
whatever  bandwidth  you  get  is  whatever  you  get,  and  if  the  throttling 
impacts  what  you’re  doing,  tough  luck. 

Of  course, should  Comcast  decide  to  use  P2P  techniques  to  deliver 
movies  it  will,  unlike  Vuze,  be  completely  free  to  do  so.  And  should  it 
decide  that  any  other  type  or  source  of  traffic  is  not  in  “the  best  interest 
of  all  Internet  users”  it  might  choose  to  block  that  as  well. 

While  you  might  argue  that  it  is  Comcast’s  network  and  it  is  entitled 
to  do  what  it  wants,  there  are  two  serious  issues  to  consider. 

First,  there  is  the  issue  of  free  and  fair  competition  in  the  market¬ 
place.  Comcast’s  traffic  shaping  excludes  potential  competitors  from 
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users  or  itself? 

access  to  media  that  Comcast  is  publicly  licensed  to  supply 

Second,  there’s  the  damping  effect:  Some  start-ups  may  never  get  out 
of  the  gate  if  they  have  to  wonder  whether  their  traffic  will  be  inter¬ 
fered  with. 

That  said,  there’s  another,  bigger  issue  that  faces  us  collectively:  As  a 
society  we  need  the  ’Net  to  work  really  well.  At  stake  is  America’s  glob¬ 
al  competitiveness.  Limited  Internet  access  and  poor  performance, 
whether  quantified  or  not,  will  be  a  huge  impediment  to  us  being,  as  a 
culture, “in  the  game.”The  quality  of  the  Internet  experience  affects 
everything  from  e-commerce  to  productivity  and  innovation. 

But  the  answer  is  not  to  regulate  how  Comcast  manages  its  own  net¬ 
work.  Let  it  do  whatever  it  wants,  but  only  where  consumers  have  a 
choice  of  service  providers.  Where  there  is  competition  the  players  will 
play  rationally 

If  Comcast  had  to  compete  head  to  head  with  other  ISPs,  do  you 
really  think  it  would  it  risk  losing  customers  by  shaping  traffic?  That’s 
what  keeps  markets  honest  —  when  customers  have  a  choice  and 
can  vote  with  their  dollars. 

But  there  isn’t  much  competition  in  many  markets,  so  ISPs  will  con¬ 
tinue  to  be  tempted  to  manipulate  traffic.That  will  result  in  users 
demanding  regulations  that  would  hamper  that  ability  And  while  that 
might  sound  desirable,  any  such  regulations  would  never  work  given 
legislators  lack  of  technical  expertise  (“tubes” —  need  I  say  more?). 

So  rather  than  regulating  the  use  of  technology  let  legislators  regulate 
the  technology  market  to  create  a  competitive  environment  where 
consumers  have  real  choice.  As  onerous  as  it  is  to  involve  politics  in 
technology  at  all,  using  legislation  to  create  competition  is  the  one 
strategy  we  can  use  to  “serve  the  best  interests  of  all  Internet  users.” 

Your  thoughts  to  gearhead@gibbs.com. 


Confessions  of  a 

He  spoofed  the  HR  director’s  work  phone 
number,  then  the  number  of  that  guy’s 
boss,  before  moving  up  to  a  vice  presi¬ 
dent,  and  finally  the  CEO.  He  says  he  had  no 
choice.  He  also  says  “this  thing  that  I  did  is  bad 
and  should  be  outlawed.” 

This  thing  that  he  did  is  perfectly  legal,  you 
may  know  already,  although  efforts  have  been 
under  way  to  have  that  rectified. 

Background: The  major  telecom  equipment 
maker  whose  employee  A.G.  Bell  had  recently  left  owed  him  thou¬ 
sands  of  dollars  in  unpaid  commissions,  he  says, yet  the  HR  depart¬ 
ment  stopped  returning  his  calls,  instead  “hiding  behind  voice  mail.” 
Spoofing  the  HR  director’s  number  got  his  underlings  to  pick  up  the 
phone,  at  least  until  they  wised  to  that  ploy  at  which  point  Bell  —  a 
fictitious  name  I’m  affording  him  to  protect  his  current  job  at  another 
telecom  vendor  —  started  spoofing  numbers  right  on  up  to  the  top  of 
the  org  chart  (not  to  mention  a  White  House  number  —  seriously). 

“Juvenile?  Yes,”  Bell  acknowledges.“Effective  at  getting  past  call 
screeners?  Absolutely  Subject  to  horrible  abuse?  Totally’ 

He  says  he  always  identified  himself  honestly  once  he  got  a  live 
voice  on  the  line. 

We’ve  been  chatting  via  e-mail  about  what  he  did,  his  minor  ambiva¬ 
lence  about  having  done  it,  and  his  major  concerns  over  the  ease 
with  which  others  with  more  criminal  agendas  could  abuse  spoofing. 
What  follows  is  an  edited  transcript: 

At  what  point  did  the  light  go  on  and  you  thought:  “Hey,  I'll  use  a  caller-ID 
spoofing  service  so  they  can't  hide  behind  voice  mail"? 

In  my  mind  I  was  a  victim  forced  to  use  distasteful  means  to  take 
care  of  my  family.  I  worked  in  the  converged  voice  space,  so  the 
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caller-ID  spoofer 

mechanics  of  caller  ID  were  not  unfamiliar  to  me  or  to  the  crew  of 
geeks  I  call  friends.The  light  went  on  over  beers  —  I  was  complaining 
about  the  former  employer’s  call-dodging  to  some  engineer  friends 
and  the  suggestion  of  using  a  local  vendor’s  lab  to  spoof  caller  ID 
came  up.  Another  engineer  said, “Don’t  reinvent  the  wheel,  just  Google 
‘spoof  caller  ID  service.’”  I  got  32,000  hits.  Spoofcard  came  up  first. 

Explain  the  mechanics  of  how  Spoofcard  works. 

So,  I  gave  them  $20  for  an  hour  of  caller  ID  misrepresentation. 
Although  I  hate  that  it  seems  to  be  legal  for  them  to  offer  this  service,  I 
love  their  implementation.  Speaking  as  an  engineer  and  a  salesman, 
they  really  built  a  sweet  platform. 

You  call  a  toll-free  number,  enter  your  account  number,  enter  the  10- 
digit  number  you  wish  to  call,  and  then  the  number  you  wish  to  be 
displayed  on  the  recipient’s  caller  ID. . . .  Prompts  go  like  this:  Press  one 
to  record  the  call,  two  to  not  record;  one  to  use  your  normal  voice,  two 
to  use  a  man’s  voice,  three  to  use  a  woman’s  voice. 

The  conversation  would  be  recorded  with  no  beeps,  artifacts  or  noti¬ 
fication  that  recording  was  taking  place,  and  could  be  downloaded  at 
leisure  from  Spoofcard.com.  For  $20  I  had  a  complete  record  and 
recording  of  every  call  made,  of  every  voice  mail  left.  Beautiful. 

Did  you  have  qualms  about  doing  it?  Any  concerns  about  legality?  Ethics? 

I  honestly  had  more  concern  with  the  way  it  would  be  perceived  if 
my  claim  had  gone  to  court  (perception  of  the  judge)  than  over  the 
legality  or  ethics  of  the  spoofing  itself.  Had  my  former  employer  not 
been  in  breach  of  contract,  been  acting  immorally  (in  my  opinion)  or 
been  refusing  to  take  or  return  my  calls,  then  there  is  no  way  that  I 
would  have  been  able  to  rationalize  spoofing  other  people’s  ID. To  be 
clear  —  1  always  identified  myself  when  the  call  was  picked  up. 

See  Buzz,  page  12 
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What  do  ambitious 
Web  engineers  do 
with  too  much  time 
on  their  hands? 


They  develop  the  world’s  best  fi 
GMX  -  Global  Mail  X-change. 

✓  Already  over  10,000,000  satisfied  users  and  counting! 

✓  Huge  selection  of  available  names  with  gmx.us  or  gmx.com! 

✓  Unprecedented  spam  protection.  Up  to  98  %  hit  rate. 

✓  Maximum  virus  protection  guaranteed! 

✓  Bundle  your  existing  e-mail  accounts  &  addresses  into  one! 


Why  our  engineers  believe  GMX  is  the  world’s  best  webmail  service: 


•  Professional  tools  for  maximum 
protection  from  viruses 

•  7-fold  anti-spam  measures 
for  up  to  98  %  fewer  unwanted 
e-mails 


Mail  addresses  to  match  your  needs: 
Select  your  favorite  name  from  a  huge 
selection  of  available  addresses  ending 
in  gmx.us  or  gmx.com! 

You  can  even  continue  using  your 
existing  e-mail  addresses  with  the  GMX 
Mail  Collector  (e.  g.  Google,  Yahoo!, 
Hotmail  etc.)  and  easily  manage  them 
all  from  one  platform. 


•  State-of-the-art,  high  security 
servers  hosted  in  the  USA 

•  Over  99  %  guaranteed  availability 

•  5  GB  storage  space 

•  Up  to  50  MB  attachments  per  mail 

•  POP3  &  IMAP  supported 


MEMBER  OF 


GMX  Internet  Services  Inc.  is  a  subsidiary  of  United  Internet,  a  listed  company  with  a  market 
capitalization  of  5  bn  US  $  and  over  3,500  employees.  GMX  has  over  10,000,000  enthusiastic 
users  and  thousands  more  are  joining  every  day. 


©2008  GMX  Internet  Services,  Inc.  All  rightsreserved.VisitGMX.com  for  full  details.  Product  and  program  specifications  and  availability  are  subject  to  change  without  notice.  Google  is  a 
registered  trademark  of  Google,  Inc.;  Yahoo!  is  a  registered  trademark  of  Yahoo!  Inc;  Hotmail  is  a  registered  trademark  of  Microsoft  Corporation;  AOL  is  a  registered  trademark  of  AO:  ,  LLC. 


ee  webmail  service  and  call  it 


10.34  a.m. 
11:11  a.m. 
11:18  a.m. 
11:40  a.m. 
11:52  a.m. 
01:41  p.m, 
02:08  p.m 
09/26/07 
09/26/07 


All  [g  Forward 


§GMX»«I 
£3  Inbox  (6) 
g  CoSes: 

Q  He*  sitter  (3) 

Q  Private 

O  Sport*  <1) 
Wort 
^  Spam 


10.34  a.m. 
11:11  a.m. 
1 1:18  a.m. 
11:40  a.m. 
11:52  a.m. 
01:41  p.m 
02:08  p.m 
09/26/07 
09/26/07 


Subjact 

Got  your  message! 

Dinner  fast  night 
How  are  you? 

Baseball  on  Thursday 
Call  me  tonight 
How  was  your  trip? 
Shopping  with  mum 
what's  up? 

Good  morning  sweetheart 


§  From 

9  Sarah  McDonald 
Kevin  Smith 
Susan  L  Moore 
dob  Jones 
Peter  Williams 
James  Walsh 
Alex  Miller 
Jennifer  Moran 
Simon  8.  Miller 


^Drafts 

Qsent 

jf  Trash 


John  .De*?55@v  ahoo  ,com 
Sjj0rerHJom9@acl.com  (2) 

Q  BaskeSSball  .Oub^gmat!  ,com 
y|  JciacMve@hctmail.com 


09/28/0/11:11  am. 


From:  Kevin  Smith 

Select-  Dinner  lest  night 


09/28/0?  11:11  a.m, 


Hi  John. 

gym  training  to 

- 

Thanks,  Mark 


100%  Free!  The  widest  selection  of 
free  e-mail  addresses.  Sign  up  now! 
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